From 8fbf8df0bd2a402914badbf70264ae89439b9f10 Mon Sep 17 00:00:00 2001 From: ma wei Date: Thu, 7 May 2015 11:25:31 +0800 Subject: [PATCH 01/17] initial check in Former-commit-id: 2be8565868e6c8d62f86fcd7c70d350464c667c6 --- dependency-check-gradle/.gitignore | 11 ++ dependency-check-gradle/build.gradle | 23 +++ dependency-check-gradle/gradlew | 164 ++++++++++++++++++ dependency-check-gradle/gradlew.bat | 90 ++++++++++ dependency-check-gradle/pom.xml | 35 ++++ dependency-check-gradle/settings.gradle | 1 + .../plugin/DependencyCheckGradlePlugin.groovy | 16 ++ .../DependencyCheckGradlePlugin.properties | 1 + pom.xml | 1 + 9 files changed, 342 insertions(+) create mode 100644 dependency-check-gradle/.gitignore create mode 100644 dependency-check-gradle/build.gradle create mode 100755 dependency-check-gradle/gradlew create mode 100644 dependency-check-gradle/gradlew.bat create mode 100644 dependency-check-gradle/pom.xml create mode 100644 dependency-check-gradle/settings.gradle create mode 100644 dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy create mode 100644 dependency-check-gradle/src/resources/META-INFO/gradle-plugins/DependencyCheckGradlePlugin.properties diff --git a/dependency-check-gradle/.gitignore b/dependency-check-gradle/.gitignore new file mode 100644 index 000000000..81b3f9e8c --- /dev/null +++ b/dependency-check-gradle/.gitignore @@ -0,0 +1,11 @@ +.idea/ +.gradle + +*.iml +*.ipr +*.iws + +out/ +build/ + +gradle-app.setting \ No newline at end of file diff --git a/dependency-check-gradle/build.gradle b/dependency-check-gradle/build.gradle new file mode 100644 index 000000000..f85fa587e --- /dev/null +++ b/dependency-check-gradle/build.gradle 
@@ -0,0 +1,23 @@ +apply plugin: 'idea' +apply plugin: 'groovy' +apply plugin: 'maven' + +repositories { + mavenCentral() +} + +dependencies { + compile localGroovy() + compile gradleApi() +} + +group = 'com.tools.security' +version = '0.0.1' + +uploadArchives { + repositories { + mavenDeployer { + repository(url: uri('../repo')) + } + } +} \ No newline at end of file diff --git a/dependency-check-gradle/gradlew b/dependency-check-gradle/gradlew new file mode 100755 index 000000000..91a7e269e --- /dev/null +++ b/dependency-check-gradle/gradlew 
@@ -0,0 +1,164 @@ +#!/usr/bin/env bash + +############################################################################## +## +## Gradle start up script for UN*X +## +############################################################################## + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS="" + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn ( ) { + echo "$*" +} + +die ( ) { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; +esac + +# For Cygwin, ensure paths are in UNIX format before anything is touched. +if $cygwin ; then + [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"` +fi + +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >&- +APP_HOME="`pwd -P`" +cd "$SAVED" >&- + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." 
+ fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=$((i+1)) + done + case $i in + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- 
"$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" "$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules +function splitJvmOpts() { + JVM_OPTS=("$@") +} +eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS +JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME" + +exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@" diff --git a/dependency-check-gradle/gradlew.bat b/dependency-check-gradle/gradlew.bat new file mode 100644 index 000000000..8a0b282aa --- /dev/null +++ b/dependency-check-gradle/gradlew.bat 
@@ -0,0 +1,90 @@ +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS= + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windowz variants + +if not "%OS%" == "Windows_NT" goto win9xME_args +if "%@eval[2+2]" == "4" goto 4NT_args + +:win9xME_args +@rem Slurp the command line arguments. 
+set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* +goto execute + +:4NT_args +@rem Get arguments from the 4NT Shell from JP Software +set CMD_LINE_ARGS=%$ + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/dependency-check-gradle/pom.xml b/dependency-check-gradle/pom.xml new file mode 100644 index 000000000..dc81c0668 --- /dev/null +++ b/dependency-check-gradle/pom.xml @@ -0,0 +1,35 @@ + + + 4.0.0 + http://maven.apache.org + + + org.owasp + dependency-check-parent + 1.2.11-SNAPSHOT + + + dependency-check-gradle + jar + + Dependency-Check Gradle Plugin + dependency-check-gradle is a Gradle Plugin that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the project's dependencies. The plugin will generate a report listing the dependency, any identified Common Platform Enumeration (CPE) identifiers, and the associated Common Vulnerability and Exposure (CVE) entries. + 2015 + + diff --git a/dependency-check-gradle/settings.gradle b/dependency-check-gradle/settings.gradle new file mode 100644 index 000000000..78561ee5e --- /dev/null +++ b/dependency-check-gradle/settings.gradle @@ -0,0 +1 @@ +rootProject.name = 'dependency-check-gradle' \ No newline at end of file 
diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy new file mode 100644 index 000000000..eaa93ebb3 --- /dev/null +++ b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy @@ -0,0 +1,16 @@ +package com.tools.security.plugin; + +import org.gradle.api.Plugin +import org.gradle.api.Project +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DependencyCheckGradlePlugin implements Plugin { + + private Logger logger = LoggerFactory.getLogger(getClass()) + + @Override + void apply(Project project) { + + } +} \ No newline at end of file diff --git a/dependency-check-gradle/src/resources/META-INFO/gradle-plugins/DependencyCheckGradlePlugin.properties b/dependency-check-gradle/src/resources/META-INFO/gradle-plugins/DependencyCheckGradlePlugin.properties new file mode 100644 index 000000000..50ae2f524 --- /dev/null +++ b/dependency-check-gradle/src/resources/META-INFO/gradle-plugins/DependencyCheckGradlePlugin.properties @@ -0,0 +1 @@ +implementation-class=com.tools.security.gradle.DependencyCheckGradlePlugin \ No newline at end of file diff --git a/pom.xml b/pom.xml index 9b6d427ee..2b1575c71 100644 --- a/pom.xml +++ b/pom.xml @@ -28,6 +28,7 @@ Copyright (c) 2012 - Jeremy Long dependency-check-cli dependency-check-ant dependency-check-maven + dependency-check-gradle dependency-check-jenkins dependency-check-utils From b0e34fd06260702e0fab76f5bccc95a581d83a1d Mon Sep 17 00:00:00 2001 
From: ma wei Date: Fri, 8 May 2015 15:35:55 +0800 Subject: [PATCH 02/17] add gradle task, utilize dependency-check-core functions to check dependency vulnerabilities Former-commit-id: bef42df0ed3869fbceb4fe3ec459228031554439 --- dependency-check-gradle/build.gradle | 12 ++-- .../plugin/DependencyCheckGradlePlugin.groovy | 5 +- .../security/tasks/DependencyCheckTask.groovy | 58 +++++++++++++++++++ .../dependency-check-gradle.properties | 1 + .../DependencyCheckGradlePlugin.properties | 1 - 5 files changed, 70 insertions(+), 7 deletions(-) create mode 100644 dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy create mode 100644 dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency-check-gradle.properties delete mode 100644 dependency-check-gradle/src/resources/META-INFO/gradle-plugins/DependencyCheckGradlePlugin.properties diff --git a/dependency-check-gradle/build.gradle b/dependency-check-gradle/build.gradle index f85fa587e..5774f74df 100644 --- a/dependency-check-gradle/build.gradle +++ b/dependency-check-gradle/build.gradle @@ -3,12 +3,16 @@ apply plugin: 'groovy' apply plugin: 'maven' repositories { - mavenCentral() + mavenCentral() } dependencies { - compile localGroovy() - compile gradleApi() + compile( + localGroovy(), + gradleApi(), + 'org.owasp:dependency-check-core:1.2.10', + 'org.owasp:dependency-check-utils:1.2.10' + ) } group = 'com.tools.security' @@ -17,7 +21,7 @@ version = '0.0.1' uploadArchives { repositories { mavenDeployer { - repository(url: uri('../repo')) + repository(url: uri('../../../repo')) } } } \ No newline at end of file diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy index eaa93ebb3..48def7af9 100644 --- a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy 
+++ b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy @@ -1,5 +1,6 @@ -package com.tools.security.plugin; +package com.tools.security.plugin +import com.tools.security.tasks.DependencyCheckTask; import org.gradle.api.Plugin import org.gradle.api.Project import org.slf4j.Logger @@ -11,6 +12,6 @@ class DependencyCheckGradlePlugin implements Plugin { @Override void apply(Project project) { - + project.tasks.create("dependencyCheck", DependencyCheckTask) } } \ No newline at end of file diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy new file mode 100644 index 000000000..68a20612a --- /dev/null +++ b/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy 
@@ -0,0 +1,58 @@
+package com.tools.security.tasks
+
+import org.gradle.api.DefaultTask
+import org.gradle.api.artifacts.Configuration
+import org.gradle.api.artifacts.ResolvedArtifact
+import org.gradle.api.tasks.TaskAction
+import org.owasp.dependencycheck.Engine
+import org.owasp.dependencycheck.data.nvdcve.CveDB
+import org.owasp.dependencycheck.dependency.Dependency
+import org.owasp.dependencycheck.reporting.ReportGenerator
+import org.owasp.dependencycheck.utils.Settings
+
+class DependencyCheckTask extends DefaultTask {
+
+    @TaskAction
+    def check() {
+        Settings.initialize()
+        def engine = new Engine()
+
+        verifyDependencies(engine)
+        analyzeDependencies(engine)
+        retrieveVulnerabilities(engine)
+        generateReport(engine)
+    }
+
+    def verifyDependencies(engine) {
+        logger.lifecycle("Verifying dependencies")
+        getAllDependencies(project).each { engine.scan(it) }
+    }
+
+    def analyzeDependencies(Engine engine) {
+        logger.lifecycle("Checking for updates and analyzing vulnerabilities for dependencies")
+        engine.analyzeDependencies()
+    }
+
+    def retrieveVulnerabilities(Engine engine) {
+        def vulnerabilities = engine.getDependencies().collect { Dependency dependency ->
+            dependency.getVulnerabilities()
+        }.flatten()
+
+        logger.lifecycle("Found ${vulnerabilities.size()} vulnerabilities")
+    }
+
+    def generateReport(Engine engine) {
+        logger.lifecycle("Generating report")
+        def reportGenerator = new ReportGenerator(project.getName(), engine.dependencies, engine.analyzers,
+                new CveDB().databaseProperties)
+        reportGenerator.generateReports("./reports", ReportGenerator.Format.ALL)
+    }
+
+    def getAllDependencies(project) {
+        return project.getConfigurations().collect { Configuration configuration ->
+            configuration.getResolvedConfiguration().getResolvedArtifacts().collect { ResolvedArtifact artifact ->
+                artifact.getFile()
+            }
+        }.flatten();
+    }
+}
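Review bot: `check()` calls `Settings.initialize()` and constructs an `Engine`, but nothing releases either on the success or the failure path, so whatever they hold (presumably the CVE database connection and per-thread settings) stays behind in a possibly long-lived Gradle daemon. Wrapping the four steps in try/finally with `engine.cleanup()` and `Settings.cleanup(true)` covers both paths. In `generateReport`, `new CveDB().databaseProperties` reads from an instance that is never opened or closed in this file; it is worth confirming against dependency-check-core that this returns populated properties. Separately, `retrieveVulnerabilities` only logs the count, so the task succeeds whatever it finds; a doc comment on `check()` stating that it reports but does not fail the build would keep it from being mistaken for a gate.

```groovy
@TaskAction
def check() {
    Settings.initialize()
    def engine = null
    try {
        engine = new Engine()
        // … unchanged: verifyDependencies, analyzeDependencies, retrieveVulnerabilities, generateReport …
    } finally {
        if (engine != null) {
            engine.cleanup()
        }
        Settings.cleanup(true)
    }
}
```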
diff --git a/dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency-check-gradle.properties b/dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency-check-gradle.properties new file mode 100644 index 000000000..5bbf11009 --- /dev/null +++ b/dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency-check-gradle.properties @@ -0,0 +1 @@ +implementation-class=com.tools.security.plugin.DependencyCheckGradlePlugin \ No newline at end of file diff --git a/dependency-check-gradle/src/resources/META-INFO/gradle-plugins/DependencyCheckGradlePlugin.properties b/dependency-check-gradle/src/resources/META-INFO/gradle-plugins/DependencyCheckGradlePlugin.properties deleted file mode 100644 index 50ae2f524..000000000 --- a/dependency-check-gradle/src/resources/META-INFO/gradle-plugins/DependencyCheckGradlePlugin.properties +++ /dev/null @@ -1 +0,0 @@ -implementation-class=com.tools.security.gradle.DependencyCheckGradlePlugin \ No newline at end of file From d5c1fda958fe26a9b66ed7f17261df37ccefe14c Mon Sep 17 00:00:00 2001 From: ma wei Date: Fri, 8 May 2015 16:04:18 +0800 Subject: [PATCH 03/17] rename plugin name to 'dependency-check' Former-commit-id: 240e44081b0f0a6e2678f8b2c37ef8684f245ffd --- dependency-check-gradle/settings.gradle | 2 +- ...ency-check-gradle.properties => dependency-check.properties} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/{dependency-check-gradle.properties => dependency-check.properties} (100%) diff --git a/dependency-check-gradle/settings.gradle b/dependency-check-gradle/settings.gradle index 78561ee5e..e8000b493 100644 --- a/dependency-check-gradle/settings.gradle +++ b/dependency-check-gradle/settings.gradle @@ -1 +1 @@ -rootProject.name = 'dependency-check-gradle' \ No newline at end of file +rootProject.name = 'dependency-check' \ No newline at end of file 
diff --git a/dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency-check-gradle.properties b/dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency-check.properties similarity index 100% rename from dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency-check-gradle.properties rename to dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency-check.properties From 1fa59270c1878073dfe8061daf8707a497ce7d6f Mon Sep 17 00:00:00 2001 From: ma wei Date: Fri, 8 May 2015 16:04:29 +0800 Subject: [PATCH 04/17] add README Former-commit-id: d1a87185137952bdfeaf6dd2543e0ff748e37859 --- dependency-check-gradle/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 dependency-check-gradle/README.md diff --git a/dependency-check-gradle/README.md b/dependency-check-gradle/README.md new file mode 100644 index 000000000..14f8856f7 --- /dev/null +++ b/dependency-check-gradle/README.md @@ -0,0 +1,8 @@ +Dependency-Check-Gradle +========= + +**Working in progress** + +This is a DependencyCheck gradle plugin designed for project which use Gradle as build script. + +Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries. \ No newline at end of file From f29e4a5d3634a331319846f3f805cedd11d3c180 Mon Sep 17 00:00:00 2001 From: ma wei Date: Tue, 12 May 2015 16:22:15 +0800 Subject: [PATCH 05/17] remove unused code Former-commit-id: 1844b759f255550545b4ead5e527289c2ad8b1a7 --- .../tools/security/plugin/DependencyCheckGradlePlugin.groovy | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy index 48def7af9..f1f5dc901 100644 --- a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy +++ b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy @@ -8,8 +8,6 @@ import org.slf4j.LoggerFactory class DependencyCheckGradlePlugin implements Plugin { - private Logger logger = LoggerFactory.getLogger(getClass()) - @Override void apply(Project project) { project.tasks.create("dependencyCheck", DependencyCheckTask) From 51c3ebcdb875abd8aa577d4f823f21dc2a101174 Mon Sep 17 00:00:00 2001 From: ma wei Date: Tue, 12 May 2015 16:45:40 +0800 Subject: [PATCH 06/17] add ability to publish this plugin to Bintray Former-commit-id: 61b03346bf2f3035d52f86c88d8d655099ed5eb7 --- dependency-check-gradle/.gitignore | 3 +- dependency-check-gradle/build.gradle | 46 ++++++++++++++++++++++++---- 2 files changed, 42 insertions(+), 7 deletions(-) diff --git a/dependency-check-gradle/.gitignore b/dependency-check-gradle/.gitignore index 81b3f9e8c..2a132566c 100644 --- a/dependency-check-gradle/.gitignore +++ b/dependency-check-gradle/.gitignore @@ -8,4 +8,5 @@ out/ build/ -gradle-app.setting \ No newline at end of file +gradle-app.setting +gradle.properties \ No newline at end of file diff --git a/dependency-check-gradle/build.gradle b/dependency-check-gradle/build.gradle index 5774f74df..fc3a94a17 100644 --- a/dependency-check-gradle/build.gradle +++ b/dependency-check-gradle/build.gradle @@ -1,9 +1,16 @@ +plugins { + id 'nu.studer.plugindev' version '1.0.3' +} + apply plugin: 'idea' apply plugin: 'groovy' apply plugin: 'maven' repositories { mavenCentral() + maven { + url 'http://dl.bintray.com/wei/maven' + } } dependencies { 
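Review bot: The `maven { url 'http://dl.bintray.com/wei/maven' }` entry added to `repositories` in build.gradle fetches artifacts over cleartext HTTP, so anything resolved from it reaches the compile classpath without transport integrity. It should be `url 'https://dl.bintray.com/wei/maven'`, or be dropped if nothing is actually resolved from that repository. A later patch in this series removes the entry from build.gradle, but the README's `buildscript` snippet keeps giving the same `http://` URL to users, where it would feed the build-script classpath. The `repositories` and `dependencies` blocks continue outside this hunk.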
@@ -18,10 +25,37 @@ dependencies { group = 'com.tools.security' version = '0.0.1' -uploadArchives { - repositories { - mavenDeployer { - repository(url: uri('../../../repo')) - } - } +//------------------------------- +// Local debug use only +// +//uploadArchives { +// repositories { +// mavenDeployer { +// repository(url: uri('../../../repo')) +// } +// } +//} +//------------------------------- + +plugindev { + pluginId = 'dependency.check' + pluginName = 'dependency-check' + pluginImplementationClass 'com.tools.security.plugin.DependencyCheckGradlePlugin' + pluginDescription 'This is dependency check gradle plugin.' + pluginLicenses 'Apache-2.0' + pluginTags 'dependency check', 'security' + authorId 'wmaintw' + authorName 'Wei Ma' + authorEmail 'wma@thoughtworks.com' + projectUrl 'https://github.com/wmaintw/DependencyCheck' + projectIssuesUrl 'https://github.com/wmaintw/DependencyCheck/issues' + projectVcsUrl 'git@github.com:wmaintw/DependencyCheck.git' + projectInceptionYear '2015' + done() +} + +bintray { + user = bintrayUser + key = bintrayUserKey + pkg.repo = bintrayRepo } \ No newline at end of file From d7351f97fe17e8e4a0ee90524752c3de53be49ad Mon Sep 17 00:00:00 2001 From: ma wei Date: Wed, 13 May 2015 10:17:07 +0800 Subject: [PATCH 07/17] add ability to publish this plugin to Gradle Plugin Portal Former-commit-id: 7dd9400a1871db2c880cecee3297734f39b3be4e --- dependency-check-gradle/README.md | 79 +++++++++++++++++++++++++++- dependency-check-gradle/build.gradle | 32 +++++++++-- 2 files changed, 107 insertions(+), 4 deletions(-) diff --git a/dependency-check-gradle/README.md b/dependency-check-gradle/README.md index 14f8856f7..bb3e86687 100644 --- a/dependency-check-gradle/README.md +++ b/dependency-check-gradle/README.md 
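Review bot: The new `bintray { … }` block reads `bintrayUser`, `bintrayUserKey` and `bintrayRepo` unconditionally, so configuring the project presumably fails with a missing-property error for anyone building without publishing credentials. The same commit git-ignores `gradle.properties`, which suggests that is where they are expected to live. Guarding each read keeps ordinary builds working, e.g. `user = project.hasProperty('bintrayUser') ? bintrayUser : null`, and likewise for `key` and `pkg.repo`. A comment above the block saying the values belong in the user-level `~/.gradle/gradle.properties` would also keep the API key out of the project directory.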
@@ -5,4 +5,81 @@ Dependency-Check-Gradle This is a DependencyCheck gradle plugin designed for project which use Gradle as build script. -Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries. \ No newline at end of file +Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries. + +========= + +## Usage + +### Step 1, Apply dependency check gradle plugin + +Please refer to either one of the solution + +#### Solution 1,Bintray + +` +apply plugin: "dependency-check" + +buildscript { + repositories { + maven { + url 'http://dl.bintray.com/wei/maven' + } + mavenCentral() + } + dependencies { + classpath( + 'com.tools.security:dependency-check:0.0.1' + ) + } +} +` + +#### Solution 2,Gradle Plugin Portal + +[dependency check gradle plugin on Gradle Plugin Portal](https://plugins.gradle.org/plugin/dependency.check) + +**Build script snippet for new, incubating, plugin mechanism introduced in Gradle 2.1:** + +` +// buildscript { +// ... +// } + +plugins { + id "dependency.check" version "0.0.1" +} + +// apply plugin: ... 
+` + +**Build script snippet for use in all Gradle versions:** + +` +buildscript { + repositories { + maven { + url "https://plugins.gradle.org/m2/" + } + } + dependencies { + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1" + } +} + +apply plugin: "dependency.check" +` + +#### Solution 3,Maven Central + +working in progress + +### Step 2, Run gradle task + +Once gradle plugin applied, run following gradle task to check the dependencies: + +` +gradle dependencyCheck +` + +The reports will be generated automatically under `./reports` folder. diff --git a/dependency-check-gradle/build.gradle b/dependency-check-gradle/build.gradle index fc3a94a17..fd0fb4a04 100644 --- a/dependency-check-gradle/build.gradle +++ b/dependency-check-gradle/build.gradle @@ -1,3 +1,15 @@ +buildscript { + repositories { + maven { + url "https://plugins.gradle.org/m2/" + } + } + + dependencies { + classpath "com.gradle.publish:plugin-publish-plugin:0.9.0" + } +} + plugins { id 'nu.studer.plugindev' version '1.0.3' } @@ -5,12 +17,10 @@ plugins { apply plugin: 'idea' apply plugin: 'groovy' apply plugin: 'maven' +apply plugin: "com.gradle.plugin-publish" repositories { mavenCentral() - maven { - url 'http://dl.bintray.com/wei/maven' - } } dependencies { @@ -37,6 +47,7 @@ version = '0.0.1' //} //------------------------------- +// publish to Bintray plugindev { pluginId = 'dependency.check' pluginName = 'dependency-check' @@ -58,4 +69,19 @@ bintray { user = bintrayUser key = bintrayUserKey pkg.repo = bintrayRepo +} + +// publish to gradle plugin portal +pluginBundle { + website = 'https://github.com/wmaintw/DependencyCheck' + vcsUrl = 'git@github.com:wmaintw/DependencyCheck.git' + description = 'This is dependency check gradle plugin.' + tags = ['dependency check', 'security'] + + plugins { + dependencyCheckPlugin { + id = 'dependency.check' + displayName = 'dependency-check' + } + } } \ No newline at end of file 
From 51e2af148e402f30cf3f27373732e4bd3fa77c58 Mon Sep 17 00:00:00 2001 From: ma wei Date: Wed, 13 May 2015 10:22:36 +0800 Subject: [PATCH 08/17] modify code format in README.md Former-commit-id: 5aabb0ec41022da8a2e0c83fc0317e7cbcc4cb95 --- dependency-check-gradle/README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/dependency-check-gradle/README.md b/dependency-check-gradle/README.md index bb3e86687..509fd0574 100644 --- a/dependency-check-gradle/README.md +++ b/dependency-check-gradle/README.md @@ -17,7 +17,7 @@ Please refer to either one of the solution #### Solution 1,Bintray -` +``` apply plugin: "dependency-check" buildscript { @@ -33,7 +33,7 @@ buildscript { ) } } -` +``` #### Solution 2,Gradle Plugin Portal @@ -41,7 +41,7 @@ buildscript { **Build script snippet for new, incubating, plugin mechanism introduced in Gradle 2.1:** -` +``` // buildscript { // ... // } @@ -51,11 +51,11 @@ plugins { } // apply plugin: ... -` +``` **Build script snippet for use in all Gradle versions:** -` +``` buildscript { repositories { maven { @@ -68,7 +68,7 @@ buildscript { } apply plugin: "dependency.check" -` +``` #### Solution 3,Maven Central @@ -78,8 +78,8 @@ working in progress Once gradle plugin applied, run following gradle task to check the dependencies: -` +``` gradle dependencyCheck -` +``` The reports will be generated automatically under `./reports` folder. From 3d08e8db068249074464983b83f8644d92677b82 Mon Sep 17 00:00:00 2001 From: ma wei Date: Thu, 14 May 2015 10:48:15 +0800 Subject: [PATCH 09/17] generate report for each sub project in different directory Former-commit-id: f13f90e93121734706ad2bc43bf47d70533b117c --- .../tools/security/tasks/DependencyCheckTask.groovy | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy index 68a20612a..277985ea0 100644 --- a/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy +++ b/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy @@ -12,6 +12,8 @@ import org.owasp.dependencycheck.utils.Settings class DependencyCheckTask extends DefaultTask { + def currentProjectName = project.getName() + @TaskAction def check() { Settings.initialize() @@ -24,7 +26,7 @@ class DependencyCheckTask extends DefaultTask { } def verifyDependencies(engine) { - logger.lifecycle("Verifying dependencies") + logger.lifecycle("Verifying dependencies for project ${currentProjectName}") getAllDependencies(project).each { engine.scan(it) } } @@ -38,14 +40,14 @@ class DependencyCheckTask extends DefaultTask { dependency.getVulnerabilities() }.flatten() - logger.lifecycle("Found ${vulnerabilities.size()} vulnerabilities") + logger.lifecycle("Found ${vulnerabilities.size()} vulnerabilities in project ${currentProjectName}") } def generateReport(Engine engine) { - logger.lifecycle("Generating report") - def reportGenerator = new ReportGenerator(project.getName(), engine.dependencies, engine.analyzers, + logger.lifecycle("Generating report for project ${currentProjectName}") + def reportGenerator = new ReportGenerator(currentProjectName, engine.dependencies, engine.analyzers, new CveDB().databaseProperties) - reportGenerator.generateReports("./reports", ReportGenerator.Format.ALL) + reportGenerator.generateReports("./reports/${currentProjectName}", ReportGenerator.Format.ALL) } def getAllDependencies(project) { From 53d01e5fe1e23179b9bda6c32bc5c70b77b89bb2 Mon Sep 17 00:00:00 2001 
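Review bot: In `generateReport`, `generateReports("./reports/${currentProjectName}", …)` writes to a path relative to the process working directory rather than to the project, so where the reports land depends on the directory Gradle was invoked from. Two sub-projects that share a name under different parents would also write into the same folder. Anchoring on the project avoids both: `reportGenerator.generateReports(new File(project.buildDir, 'reports/dependency-check').absolutePath, ReportGenerator.Format.ALL)`. The class body continues outside these hunks.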
From: ma wei Date: Thu, 14 May 2015 11:04:39 +0800 Subject: [PATCH 10/17] update usage for multiple sub project Former-commit-id: 16aac082aa5f52f01db8f6935252306bd176860b --- dependency-check-gradle/README.md | 34 +++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/dependency-check-gradle/README.md b/dependency-check-gradle/README.md index 509fd0574..2d77772ad 100644 --- a/dependency-check-gradle/README.md +++ b/dependency-check-gradle/README.md @@ -70,6 +70,38 @@ buildscript { apply plugin: "dependency.check" ``` +**If your project includes multiple sub-project, configure build script this way:** + +``` +allprojects { + //other plugins you may use + //apply plugin: "java" + + apply plugin: "dependency-check" + + repositories { + mavenCentral() + } +} +``` + +or + +``` +subprojects { + //other plugins you may use + //apply plugin: "java" + + apply plugin: "dependency-check" + + repositories { + mavenCentral() + } +} +``` + +In this way, the dependency check will be executed for all projects (including root project) or just sub projects. + #### Solution 3,Maven Central working in progress @@ -83,3 +115,5 @@ gradle dependencyCheck ``` The reports will be generated automatically under `./reports` folder. + +If your project includes multiple sub-projects, the report will be generated for each sub-project in different sub-directory. From 77eebb6c1b921bdd60ecc53fc9d148ed454d16a8 Mon Sep 17 00:00:00 2001 From: ma wei Date: Thu, 14 May 2015 11:06:34 +0800 Subject: [PATCH 11/17] update version to 0.0.2 Former-commit-id: d999f6fe3e9f5d6c309bdbda5581fb586e895930 --- dependency-check-gradle/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-gradle/build.gradle b/dependency-check-gradle/build.gradle index fd0fb4a04..84404e922 100644 --- a/dependency-check-gradle/build.gradle +++ b/dependency-check-gradle/build.gradle 
@@ -33,7 +33,7 @@ dependencies { } group = 'com.tools.security' -version = '0.0.1' +version = '0.0.2' //------------------------------- // Local debug use only From f9e5ebccfdd338d2a060fd7011f4bc533086111e Mon Sep 17 00:00:00 2001 From: ma wei Date: Thu, 14 May 2015 11:24:29 +0800 Subject: [PATCH 12/17] modify usage for multiple sub project Former-commit-id: 295bd3be8cc8901c7d103b51d6a4041b53bbcb3e --- dependency-check-gradle/README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/dependency-check-gradle/README.md b/dependency-check-gradle/README.md index 2d77772ad..bf6d862dc 100644 --- a/dependency-check-gradle/README.md +++ b/dependency-check-gradle/README.md @@ -73,6 +73,17 @@ apply plugin: "dependency.check" **If your project includes multiple sub-project, configure build script this way:** ``` +buildscript { + repositories { + maven { + url "https://plugins.gradle.org/m2/" + } + } + dependencies { + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1" + } +} + allprojects { //other plugins you may use //apply plugin: "java" @@ -88,6 +99,17 @@ allprojects { or ``` +buildscript { + repositories { + maven { + url "https://plugins.gradle.org/m2/" + } + } + dependencies { + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1" + } +} + subprojects { //other plugins you may use //apply plugin: "java" From 583a5cda613bc4bcfaff954073e5d7652ff4feb4 Mon Sep 17 00:00:00 2001 From: ma wei Date: Thu, 14 May 2015 11:25:18 +0800 Subject: [PATCH 13/17] upgrade dependency-core version to 1.2.11 Former-commit-id: c36d8d962a352c574cacabc73a4e12c1bb6c7a7a --- dependency-check-gradle/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-gradle/build.gradle b/dependency-check-gradle/build.gradle index 84404e922..4f9405f73 100644 --- a/dependency-check-gradle/build.gradle +++ b/dependency-check-gradle/build.gradle 
@@ -27,7 +27,7 @@ dependencies { compile( localGroovy(), gradleApi(), - 'org.owasp:dependency-check-core:1.2.10', + 'org.owasp:dependency-check-core:1.2.11', 'org.owasp:dependency-check-utils:1.2.10' ) } From 00f10771d928a06eae565606530e5eaf687a2585 Mon Sep 17 00:00:00 2001 From: ma wei Date: Thu, 14 May 2015 11:27:02 +0800 Subject: [PATCH 14/17] modify the plugin version to 0.0.2 in README Former-commit-id: aab6f65c20e565647a7fd91f04af63aeedeab32f --- dependency-check-gradle/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dependency-check-gradle/README.md b/dependency-check-gradle/README.md index bf6d862dc..e2a863ec4 100644 --- a/dependency-check-gradle/README.md +++ b/dependency-check-gradle/README.md @@ -29,7 +29,7 @@ buildscript { } dependencies { classpath( - 'com.tools.security:dependency-check:0.0.1' + 'com.tools.security:dependency-check:0.0.2' ) } } @@ -47,7 +47,7 @@ buildscript { // } plugins { - id "dependency.check" version "0.0.1" + id "dependency.check" version "0.0.2" } // apply plugin: ... @@ -63,7 +63,7 @@ buildscript { } } dependencies { - classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1" + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.2" } } @@ -80,7 +80,7 @@ buildscript { } } dependencies { - classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1" + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.2" } } @@ -106,7 +106,7 @@ buildscript { } } dependencies { - classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1" + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.2" } } From 8ddf4a0e720682d2a2a9c061d06c1383d931ffe4 Mon Sep 17 00:00:00 2001 
From: ma wei Date: Fri, 15 May 2015 11:33:17 +0800 Subject: [PATCH 15/17] add ability for user to customize proxy setting Former-commit-id: 8b5093ccc75751bbea1415334bd5f4335bc5bbc6 --- dependency-check-gradle/build.gradle | 16 +++++----- ...pendencyCheckConfigurationExtension.groovy | 8 +++++ .../plugin/DependencyCheckGradlePlugin.groovy | 14 +++++++-- .../security/tasks/DependencyCheckTask.groovy | 30 +++++++++++++++++-- 4 files changed, 55 insertions(+), 13 deletions(-) create mode 100644 dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckConfigurationExtension.groovy diff --git a/dependency-check-gradle/build.gradle b/dependency-check-gradle/build.gradle index 4f9405f73..0b254abd8 100644 --- a/dependency-check-gradle/build.gradle +++ b/dependency-check-gradle/build.gradle @@ -33,18 +33,18 @@ dependencies { } group = 'com.tools.security' -version = '0.0.2' +version = '0.0.3' //------------------------------- // Local debug use only // -//uploadArchives { -// repositories { -// mavenDeployer { -// repository(url: uri('../../../repo')) -// } -// } -//} +uploadArchives { + repositories { + mavenDeployer { + repository(url: uri('../../../repo')) + } + } +} //------------------------------- // publish to Bintray diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckConfigurationExtension.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckConfigurationExtension.groovy new file mode 100644 index 000000000..c28207b37 --- /dev/null +++ b/dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckConfigurationExtension.groovy @@ -0,0 +1,8 @@ +package com.tools.security.extension + +class DependencyCheckConfigurationExtension { + String proxyServer + Integer proxyPort + String proxyUsername = "" + String proxyPassword = "" +} 
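Review bot: The `uploadArchives` block that sits under the `// Local debug use only` comment is un-commented in this hunk of `build.gradle`, so the `mavenDeployer` repository at `../../../repo` becomes part of the committed build together with the bump to 0.0.3. If it was only enabled to test the proxy change locally, it should go back behind comments or be made opt-in, for example wrapped in `if (project.hasProperty('localRepo')) { ... }` (property name constructed for illustration). A directory outside the checkout is not a reviewed artifact source, and leaving the deployer active makes it easy to publish or consume a plugin build that never went through the Bintray path below.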
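Review bot: `proxyPassword` in `DependencyCheckConfigurationExtension` is an undocumented plain `String` property, which invites writing the credential as a literal in `build.gradle` where it ends up in version control. I would add a class comment along the lines of `// proxyUsername/proxyPassword: supply from a user-level gradle.properties entry or an environment variable, not a literal in the build script`. The fields also use two different "unset" conventions (`proxyServer` and `proxyPort` default to null, the credentials default to `""`), so the comment should state what each default means to the task that reads them.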
diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy index f1f5dc901..b3c51b4f4 100644 --- a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy +++ b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy @@ -1,15 +1,23 @@ package com.tools.security.plugin -import com.tools.security.tasks.DependencyCheckTask; +import com.tools.security.extension.DependencyCheckConfigurationExtension +import com.tools.security.tasks.DependencyCheckTask import org.gradle.api.Plugin import org.gradle.api.Project -import org.slf4j.Logger -import org.slf4j.LoggerFactory class DependencyCheckGradlePlugin implements Plugin { @Override void apply(Project project) { + initializeConfigurations(project) + registerTasks(project) + } + + def initializeConfigurations(Project project) { + project.extensions.create("dependencyCheck", DependencyCheckConfigurationExtension) + } + + def registerTasks(Project project) { project.tasks.create("dependencyCheck", DependencyCheckTask) } } \ No newline at end of file diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy index 277985ea0..662e0e085 100644 --- a/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy +++ b/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy 
@@ -10,14 +10,16 @@ import org.owasp.dependencycheck.dependency.Dependency import org.owasp.dependencycheck.reporting.ReportGenerator import org.owasp.dependencycheck.utils.Settings +import static org.owasp.dependencycheck.utils.Settings.setString + class DependencyCheckTask extends DefaultTask { def currentProjectName = project.getName() @TaskAction def check() { - Settings.initialize() - def engine = new Engine() + initializeSettings() + def engine = initializeEngine() verifyDependencies(engine) analyzeDependencies(engine) @@ -25,6 +27,15 @@ class DependencyCheckTask extends DefaultTask { generateReport(engine) } + private Engine initializeEngine() { + new Engine() + } + + def initializeSettings() { + Settings.initialize() + overrideProxySetting() + } + def verifyDependencies(engine) { logger.lifecycle("Verifying dependencies for project ${currentProjectName}") getAllDependencies(project).each { engine.scan(it) } @@ -50,6 +61,21 @@ class DependencyCheckTask extends DefaultTask { reportGenerator.generateReports("./reports/${currentProjectName}", ReportGenerator.Format.ALL) } + def overrideProxySetting() { + if (isProxySettingExist()) { + logger.lifecycle("Using proxy ${project.dependencyCheck.proxyServer}:${project.dependencyCheck.proxyPort}") + + setString(Settings.KEYS.PROXY_SERVER, project.dependencyCheck.proxyServer) + setString(Settings.KEYS.PROXY_PORT, "${project.dependencyCheck.proxyPort}") + setString(Settings.KEYS.PROXY_USERNAME, project.dependencyCheck.proxyUsername) + setString(Settings.KEYS.PROXY_PASSWORD, project.dependencyCheck.proxyPassword) + } + } + + def isProxySettingExist() { + project.dependencyCheck.proxyServer != null && project.dependencyCheck.proxyPort != null + } + def getAllDependencies(project) { return project.getConfigurations().collect { Configuration configuration -> configuration.getResolvedConfiguration().getResolvedArtifacts().collect { ResolvedArtifact artifact -> 
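Review bot: `overrideProxySetting` writes `PROXY_USERNAME` and `PROXY_PASSWORD` whenever a proxy host and port are present, even when the extension still holds its `""` defaults. That looks like it would replace credentials that `Settings.initialize()` picked up from another source with empty strings. Guarding both calls keeps unset values out of `Settings`: `if (project.dependencyCheck.proxyUsername) setString(Settings.KEYS.PROXY_USERNAME, project.dependencyCheck.proxyUsername)` and the same for `proxyPassword`. Separately, `isProxySettingExist` returns false when only one of `proxyServer` and `proxyPort` is set, so a half-configured proxy is dropped silently; a `logger.warn` in that case would tell the user the scan is going out without the proxy they expected. The body of `getAllDependencies` continues outside the hunk.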
From 7f528d8d4a3db6328460355743d79919088aaea4 Mon Sep 17 00:00:00 2001 From: ma wei Date: Fri, 15 May 2015 11:39:52 +0800 Subject: [PATCH 16/17] update proxy setting usage Former-commit-id: fd11b04a2a68619e9481e9d1341ef64b96dbf9d8 --- dependency-check-gradle/README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/dependency-check-gradle/README.md b/dependency-check-gradle/README.md index e2a863ec4..8785ade8a 100644 --- a/dependency-check-gradle/README.md +++ b/dependency-check-gradle/README.md @@ -139,3 +139,20 @@ gradle dependencyCheck The reports will be generated automatically under `./reports` folder. If your project includes multiple sub-projects, the report will be generated for each sub-project in different sub-directory. + +### What if you are behind a proxy? + +Maybe you have to use proxy to access internet, in this case, you could configure proxy settings for this plugin: + +``` +dependencyCheck { + proxyServer = "127.0.0.1" // required, the server name or IP address of the proxy + proxyPort = 3128 // required, the port number of the proxy + + // optional, the proxy server might require username + // proxyUsername = "username" + + // optional, the proxy server might require password + // proxyPassword = "password" +} +``` From c4843253c042174b8e98a0bd3e8a9831f69a9368 Mon Sep 17 00:00:00 2001 From: ma wei Date: Fri, 22 May 2015 15:14:21 +0800 Subject: [PATCH 17/17] update version in README Former-commit-id: f34bbf1704c329035cb12b739b40505cdae88230 --- dependency-check-gradle/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dependency-check-gradle/README.md b/dependency-check-gradle/README.md index 8785ade8a..a7f10a66d 100644 --- a/dependency-check-gradle/README.md +++ b/dependency-check-gradle/README.md @@ -29,7 +29,7 @@ buildscript { } dependencies { classpath( - 'com.tools.security:dependency-check:0.0.2' + 'com.tools.security:dependency-check:0.0.3' ) } } 
@@ -47,7 +47,7 @@ buildscript { // } plugins { - id "dependency.check" version "0.0.2" + id "dependency.check" version "0.0.3" } // apply plugin: ... @@ -63,7 +63,7 @@ buildscript { } } dependencies { - classpath "gradle.plugin.com.tools.security:dependency-check:0.0.2" + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.3" } } @@ -80,7 +80,7 @@ buildscript { } } dependencies { - classpath "gradle.plugin.com.tools.security:dependency-check:0.0.2" + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.3" } } @@ -106,7 +106,7 @@ buildscript { } } dependencies { - classpath "gradle.plugin.com.tools.security:dependency-check:0.0.2" + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.3" } }