dependency-check Maven Plugin 'two-phases' configuration


I have a Maven project using the dependency-check Maven plugin, [dependency-check-maven](https://jeremylong.github.io/DependencyCheck/dependency-check-maven/plugin-info.html).

The goal is to be able to run the first dependency scan to get a report, either as part of the verify stage or by running the plugin goal (aggregate) separately.

Then build the Maven site so that the dependency scan report is included in the site.

In the 'first' stage, the plugin is run using the aggregate goal directly:

mvn org.owasp:dependency-check-maven:check -Dformats=ALL

or as part of the verify stage:

  <build>
     <plugins>
        <plugin>
          <groupId>org.owasp</groupId>
          <artifactId>dependency-check-maven</artifactId>
          <version>8.4.3</version>
          <executions>
             <execution>
                 <goals>
                     <goal>aggregate</goal>
                  </goals>
              </execution>
          </executions>
        </plugin>
     </plugins>
  </build>

mvn verify -Dformats=ALL

This produces target/dependency-check-report.(xml, json, html and all the other formats).

Configure the dependency-check plugin to run in the site stage:

<reporting>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <reportSets>
          <reportSet>
            <reports>
              <report>aggregate</report>
            </reports>
          </reportSet>
        </reportSets>
      </plugin>
    </plugins>
</reporting>

Running mvn site creates target/site/dependency-check-report.html and includes the report in the generated site.

The issue is actually that the dependencies in this case are analyzed twice. If I run, for the 'site' stage,

mvn site -Ddependency-check.skip=false

then the reporting section is completely skipped and the dependency check report is not included in the site 'Project Reports'. Is there any way to configure/run the dependency-check Maven plugin (goals) so that the site report consumes the data created in the previous stage and includes dependency-check:aggregate in the site 'Project Reports' without running the actual analysis again?

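The first phase above already writes target/dependency-check-report.json when formats=ALL is used, and that file can be consumed by later build steps without re-running the analysis. As an added example (not code from the question or from the dependency-check project), the script below reads such a report, counts findings by severity, and lists every finding at or above a CVSS threshold, the same gate the plugin's own failBuildOnCVSS parameter applies during the scan. The field names it reads (dependencies, fileName, vulnerabilities, name, severity, cvssv3.baseScore, cvssv2.score) are assumptions about the JSON report schema and should be checked against a real report from the plugin version in use; the embedded report is constructed sample data. It does not change how the site plugin behaves.

```python
import json
import sys
from collections import Counter

# Constructed sample in the shape of target/dependency-check-report.json.
# The field names used here are assumptions about the report schema, not
# taken from the plugin documentation; verify them against a real report.
SAMPLE_REPORT = json.dumps({
    "reportSchema": "1.1",
    "dependencies": [
        {
            "fileName": "example-lib-1.0.jar",
            "vulnerabilities": [
                {"name": "CVE-0000-0001", "severity": "HIGH",
                 "cvssv3": {"baseScore": 7.5}},
                {"name": "CVE-0000-0002", "severity": "MEDIUM",
                 "cvssv3": {"baseScore": 5.3}},
            ],
        },
        {"fileName": "clean-lib-2.0.jar"},          # no findings at all
        {
            "fileName": "legacy-lib-0.9.jar",
            "vulnerabilities": [
                {"name": "CVE-0000-0003", "severity": "CRITICAL",
                 "cvssv2": {"score": 9.8}},        # only a v2 score present
            ],
        },
    ],
})


def load_report(text):
    """Parse the JSON report text written by the first (verify/check) phase."""
    return json.loads(text)


def score_of(vuln):
    """Best available CVSS base score for one vulnerability entry.

    Prefers CVSS v3, falls back to v2, and returns 0.0 when neither is
    present so that an unscored entry is still listed rather than dropped.
    """
    v3 = vuln.get("cvssv3") or {}
    if "baseScore" in v3:
        return float(v3["baseScore"])
    v2 = vuln.get("cvssv2") or {}
    if "score" in v2:
        return float(v2["score"])
    return 0.0


def findings(report):
    """Flatten the report into (artifact file name, CVE id, score) tuples,
    highest score first. A dependency without a vulnerabilities key is clean."""
    rows = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            rows.append((dep.get("fileName", "?"), vuln.get("name", "?"), score_of(vuln)))
    rows.sort(key=lambda row: row[2], reverse=True)
    return rows


def summarize(report):
    """Counts per severity label plus the highest score seen in the report."""
    by_severity = Counter()
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            by_severity[str(vuln.get("severity", "UNKNOWN")).upper()] += 1
    rows = findings(report)
    return {
        "by_severity": dict(by_severity),
        "max_score": rows[0][2] if rows else 0.0,
        "total": len(rows),
    }


def exceeds_threshold(report, threshold):
    """Findings at or above the CVSS threshold, mirroring a failBuildOnCVSS gate."""
    return [row for row in findings(report) if row[2] >= threshold]


if __name__ == "__main__":
    # Usage: python report_gate.py target/dependency-check-report.json [threshold]
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    threshold = float(sys.argv[2]) if len(sys.argv) > 2 else 7.0
    report = load_report(text)
    print(summarize(report))
    for file_name, cve, score in exceeds_threshold(report, threshold):
        print(f"{score:4.1f}  {cve:16}  {file_name}")
```

Run against the real report path instead of the sample to reuse the phase-one results in a later job (for example as a gate before mvn site), which avoids the second analysis that the reporting section would otherwise trigger.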