IKE Tooling
IKE Tooling 186

Built With

Open-source software that ike-tooling 186 depends on, links against, ships within, or invokes at runtime.

Three layers of attribution ship with each release:

  • Software Bill of Materials (CycloneDX, JSON)[1] — full transitive dependency graph with SPDX-normalized licenses and artifact hashes. Ingestible by Dependency-Track, Trivy, Snyk, GitHub’s dependency graph.
  • Licenses (SPDX)[2] — human-readable SPDX-grouped view of declared dependencies, generated from bom.json (#335).
  • This page — curated companion covering what mechanical reports can’t see (Maven Site skin, external services, fonts inside artifacts, frontend assets in rendered HTML).

Curated narrative

Components covered by the project-wide supplement at src/main/built-with/supplement.yaml. These are the components that don’t appear in bom.json because they aren’t Maven artifacts (external services, fonts inside classifier ZIPs, runtime binaries, frontend assets).

Maven build infrastructure

Component License Role
Apache Maven core, build extensions, plugin API[3] Apache-2.0 Build orchestration. ike-tooling consumes maven-api-core, maven-api-plugin, maven-api-impl, maven-plugin-tools- annotations, and the standard build lifecycle plugins.
Maven Site Plugin[4] Apache-2.0 Generates the project Maven Site (this site).
Maven Project Info Reports Plugin[5] Apache-2.0 Produces dependencies.html, dependency-info.html, plugin-management.html, dependency-management.html, and the rest of the standard reports under Project Reports.
Maven Dependency Plugin[6] Apache-2.0 Unpacks classified ZIP artifacts (claude, site-theme, asciidoctorconfig, scaffold) into consumer build directories.
Maven Assembly Plugin[7] Apache-2.0 Builds the classified ZIP artifacts produced by ike-build-standards.
Maven Compiler / Surefire / Jar / Resources / Install / Deploy / Clean Plugins[8] Apache-2.0 Standard Maven lifecycle plugins.
Maven Source / Javadoc Plugins[8] Apache-2.0 Source jar and javadoc generation during release.
Maven GPG Plugin[9] Apache-2.0 Signs release artifacts. Configured to use the bc (Bouncy Castle) signer for parallel-safe signing without gpg-agent contention.
CycloneDX Maven Plugin[10] Apache-2.0 Generates the SBOM (bom.json + bom.xml) at package phase per ike-issues#333.

Maven Site skin

Component License Role
Sentry Maven Skin[11] Apache-2.0 The Maven Site skin applied to every published page. Provides the base navigation chrome (header, sidebar, breadcrumbs). The IKE Forest theme overlays Sentry’s defaults via the site-theme classifier produced by ike-build-standards (#318).
Maven Skin Tools[12] Apache-2.0 Velocity helper context ($headElement, $bodyElement) used by the Sentry skin. Pulled in as a maven-site-plugin dependency.
GraalVM Polyglot, GraalVM JS[13] GPL-2.0-only WITH Classpath-exception-2.0 Replaces the deprecated Nashorn engine for skin script evaluation. Pulled in as a maven-site-plugin dependency. Community Edition.
Prism[14] MIT Syntax highlighter shipped in rendered HTML. Used by the AsciiDoc pipeline; per-language CSS is bundled in the rendered output.

Cryptographic signing

Component License Role
Bouncy Castle (bcprov-jdk18on, bcpg-jdk18on)[15] MIT OpenPGP signing engine used by maven-gpg-plugin’s bc signer. IKE releases consistently use bc because the native gpg signer serializes through gpg-agent and breaks parallel reactor builds. SPDX classifies the MIT-X11-style BC license as MIT.

Test frameworks

Component License Role
JUnit 5 (Jupiter, Platform)[16] EPL-2.0 Unit test framework.
AssertJ[17] Apache-2.0 Fluent assertion library used in tests.
Mockito[18] MIT Mocking framework used in ike-workspace-model tests.

Documentation tooling consumed during plugin development

Component License Role
Asciidoctor Parser Doxia Module[19] MIT Lets maven-site-plugin render the src/site/asciidoc/*.adoc files (this page among them) as part of site:site.
JRuby[20] EPL-2.0 OR GPL-2.0-only OR LGPL-2.1-only Embedded Ruby runtime that the AsciiDoc parser uses. Pulled in transitively by the Doxia module. The OR is consumer’s choice.

Mechanical inventory

Direct dependencies of this module, grouped by SPDX expression. Generated from bom.json at build time.

No declared dependencies in this module’s SBOM.

  • site index[21]
  • ike-issues#336[22] — the issue that introduced this page (rename of the legacy "Third-Party Notices" to friendlier "Built With").
Maven plugin workspace management release orchestration gitflow IKE Network knowledge engineering
Links:
  • [1] bom.json
  • [2] licenses.html
  • [3] https://maven.apache.org/
  • [4] https://maven.apache.org/plugins/maven-site-plugin/
  • [5] https://maven.apache.org/plugins/maven-project-info-reports-plugin/
  • [6] https://maven.apache.org/plugins/maven-dependency-plugin/
  • [7] https://maven.apache.org/plugins/maven-assembly-plugin/
  • [8] https://maven.apache.org/plugins/
  • [9] https://maven.apache.org/plugins/maven-gpg-plugin/
  • [10] https://github.com/CycloneDX/cyclonedx-maven-plugin
  • [11] https://github.com/sentrysoftware/maven-skins
  • [12] https://github.com/sentrysoftware/maven-skins/tree/main/maven-skin-tools
  • [13] https://www.graalvm.org/
  • [14] https://prismjs.com/
  • [15] https://www.bouncycastle.org/
  • [16] https://junit.org/junit5/
  • [17] https://assertj.github.io/
  • [18] https://site.mockito.org/
  • [19] https://github.com/asciidoctor/asciidoctor-doxia
  • [20] https://www.jruby.org/
  • [21] index.html
  • [22] https://github.com/IKE-Network/ike-issues/issues/336
Date: 2026-05-17 22:26:06 -0700
Searching...
No results.