From 5e66f70cf0bee94ee886970ee1cda2b86ab7b93e Mon Sep 17 00:00:00 2001 From: ma wei Date: Sat, 6 Jun 2015 10:29:50 +0800 Subject: [PATCH] Update README, add usage for install plugin from MavenCentral Former-commit-id: 26c9119b6eeb042e46f9855a2c51c48a0675419b --- dependency-check-gradle/README.md | 181 ++++++++++++++---------------- 1 file changed, 85 insertions(+), 96 deletions(-) diff --git a/dependency-check-gradle/README.md b/dependency-check-gradle/README.md index a7f10a66d..f8734466c 100644 --- a/dependency-check-gradle/README.md +++ b/dependency-check-gradle/README.md @@ -15,7 +15,49 @@ Dependency-Check is a utility that attempts to detect publicly disclosed vulnera Please refer to either one of the solution -#### Solution 1,Bintray +#### Solution 1,Install from Maven Central + +buildscript { + repositories { + mavenCentral() + } + dependencies { + classpath 'com.thoughtworks.tools:dependency-check:0.0.4' + } +} + +apply plugin: 'dependency.check' + +#### Solution 2,Install from Gradle Plugin Portal + +[dependency check gradle plugin on Gradle Plugin Portal](https://plugins.gradle.org/plugin/dependency.check) + +**Build script snippet for new, incubating, plugin mechanism introduced in Gradle 2.1:** + +``` +plugins { + id "dependency.check" version "0.0.4" +} +``` + +**Build script snippet for use in all Gradle versions:** + +``` +buildscript { + repositories { + maven { + url "https://plugins.gradle.org/m2/" + } + } + dependencies { + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.4" + } +} + +apply plugin: "dependency.check" +``` + +#### Solution 3,Install from Bintray ``` apply plugin: "dependency-check" @@ -29,105 +71,12 @@ buildscript { } dependencies { classpath( - 'com.tools.security:dependency-check:0.0.3' + 'com.tools.security:dependency-check:0.0.4' ) } } ``` -#### Solution 2,Gradle Plugin Portal - -[dependency check gradle plugin on Gradle Plugin Portal](https://plugins.gradle.org/plugin/dependency.check) - -**Build script snippet for new, incubating, plugin mechanism introduced in Gradle 2.1:** - -``` -// buildscript { -// ... -// } - -plugins { - id "dependency.check" version "0.0.3" -} - -// apply plugin: ... -``` - -**Build script snippet for use in all Gradle versions:** - -``` -buildscript { - repositories { - maven { - url "https://plugins.gradle.org/m2/" - } - } - dependencies { - classpath "gradle.plugin.com.tools.security:dependency-check:0.0.3" - } -} - -apply plugin: "dependency.check" -``` - -**If your project includes multiple sub-project, configure build script this way:** - -``` -buildscript { - repositories { - maven { - url "https://plugins.gradle.org/m2/" - } - } - dependencies { - classpath "gradle.plugin.com.tools.security:dependency-check:0.0.3" - } -} - -allprojects { - //other plugins you may use - //apply plugin: "java" - - apply plugin: "dependency-check" - - repositories { - mavenCentral() - } -} -``` - -or - -``` -buildscript { - repositories { - maven { - url "https://plugins.gradle.org/m2/" - } - } - dependencies { - classpath "gradle.plugin.com.tools.security:dependency-check:0.0.3" - } -} - -subprojects { - //other plugins you may use - //apply plugin: "java" - - apply plugin: "dependency-check" - - repositories { - mavenCentral() - } -} -``` - -In this way, the dependency check will be executed for all projects (including root project) or just sub projects. - -#### Solution 3,Maven Central - -working in progress - ### Step 2, Run gradle task Once gradle plugin applied, run following gradle task to check the dependencies: @@ -140,7 +89,9 @@ The reports will be generated automatically under `./reports` folder. If your project includes multiple sub-projects, the report will be generated for each sub-project in different sub-directory. -### What if you are behind a proxy? +### FAQ + +## What if I'm behind a proxy? Maybe you have to use proxy to access internet, in this case, you could configure proxy settings for this plugin: @@ -156,3 +107,41 @@ dependencyCheck { // proxyPassword = "password" } ``` + +## What if my project includes multiple sub-project? How can I use this plugin for each of them including the root project?** + +Try put 'apply plugin: "dependency-check"' inside the 'allprojects' or 'subprojects' if you'd like to check all sub-projects only, see below: + +(1) For all projects including root project: +``` +buildscript { + repositories { + mavenCentral() + } + dependencies { + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.4" + } +} + +allprojects { + apply plugin: "dependency-check" +} +``` + +(2) For all sub-projects: +``` +buildscript { + repositories { + mavenCentral() + } + dependencies { + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.4" + } +} + +subprojects { + apply plugin: "dependency-check" +} +``` + +In this way, the dependency check will be executed for all projects (including root project) or just sub projects. \ No newline at end of file