From d7351f97fe17e8e4a0ee90524752c3de53be49ad Mon Sep 17 00:00:00 2001
From: ma wei
Date: Wed, 13 May 2015 10:17:07 +0800
Subject: [PATCH] add ability to publish this plugin to Gradle Plugin Portal
Former-commit-id: 7dd9400a1871db2c880cecee3297734f39b3be4e
---
dependency-check-gradle/README.md | 79 +++++++++++++++++++++++++++-
dependency-check-gradle/build.gradle | 32 +++++++++--
2 files changed, 107 insertions(+), 4 deletions(-)
diff --git a/dependency-check-gradle/README.md b/dependency-check-gradle/README.md
index 14f8856f7..bb3e86687 100644
--- a/dependency-check-gradle/README.md
+++ b/dependency-check-gradle/README.md
@@ -5,4 +5,81 @@ Dependency-Check-Gradle This is a DependencyCheck gradle plugin designed for project which use Gradle as build script. -Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries. \ No newline at end of file +Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries. + +========= + +## Usage + +### Step 1, Apply dependency check gradle plugin + +Please refer to either one of the solution + +#### Solution 1,Bintray + +` +apply plugin: "dependency-check" + +buildscript { + repositories { + maven { + url 'http://dl.bintray.com/wei/maven' + } + mavenCentral() + } + dependencies { + classpath( + 'com.tools.security:dependency-check:0.0.1' + ) + } +} +` + +#### Solution 2,Gradle Plugin Portal + +[dependency check gradle plugin on Gradle Plugin Portal](https://plugins.gradle.org/plugin/dependency.check) + +**Build script snippet for new, incubating, plugin mechanism introduced in Gradle 2.1:** + +` +// buildscript { +// ... +// } + +plugins { + id "dependency.check" version "0.0.1" +} + +// apply plugin: ... 
+` + +**Build script snippet for use in all Gradle versions:** + +` +buildscript { + repositories { + maven { + url "https://plugins.gradle.org/m2/" + } + } + dependencies { + classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1" + } +} + +apply plugin: "dependency.check" +` + +#### Solution 3,Maven Central + +working in progress + +### Step 2, Run gradle task + +Once gradle plugin applied, run following gradle task to check the dependencies: + +` +gradle dependencyCheck +` + +The reports will be generated automatically under `./reports` folder. diff --git a/dependency-check-gradle/build.gradle b/dependency-check-gradle/build.gradle index fc3a94a17..fd0fb4a04 100644 --- a/dependency-check-gradle/build.gradle +++ b/dependency-check-gradle/build.gradle @@ -1,3 +1,15 @@ +buildscript { + repositories { + maven { + url "https://plugins.gradle.org/m2/" + } + } + + dependencies { + classpath "com.gradle.publish:plugin-publish-plugin:0.9.0" + } +} + plugins { id 'nu.studer.plugindev' version '1.0.3' } @@ -5,12 +17,10 @@ plugins { apply plugin: 'idea' apply plugin: 'groovy' apply plugin: 'maven' +apply plugin: "com.gradle.plugin-publish" repositories { mavenCentral() - maven { - url 'http://dl.bintray.com/wei/maven' - } } dependencies { @@ -37,6 +47,7 @@ version = '0.0.1' //} //------------------------------- +// publish to Bintray plugindev { pluginId = 'dependency.check' pluginName = 'dependency-check' @@ -58,4 +69,19 @@ bintray { user = bintrayUser key = bintrayUserKey pkg.repo = bintrayRepo +} + +// publish to gradle plugin portal +pluginBundle { + website = 'https://github.com/wmaintw/DependencyCheck' + vcsUrl = 'git@github.com:wmaintw/DependencyCheck.git' + description = 'This is dependency check gradle plugin.' + tags = ['dependency check', 'security'] + + plugins { + dependencyCheckPlugin { + id = 'dependency.check' + displayName = 'dependency-check' + } + } } \ No newline at end of file
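Review bot: The publishing plugin in the first build.gradle hunk is loaded through a legacy `buildscript {}` classpath plus `apply plugin: "com.gradle.plugin-publish"` (applied in the following hunk), while the same file already uses the `plugins {}` block for `nu.studer.plugindev`. Declaring it as `id 'com.gradle.plugin-publish' version '0.9.0'` inside the existing `plugins {}` block would keep a single plugin mechanism in the file and drop the extra repository declaration, assuming that release resolves through the plugins DSL on the Gradle version in use. If the `buildscript {}` form has to stay, a one-line comment above it such as `// only needed to load the plugin-publish plugin` would say why the block exists.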
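Review bot: The plaintext `http://dl.bintray.com/wei/maven` repository that the second build.gradle hunk removes from `repositories` is still what the README section of this same patch tells consumers to put in their `buildscript` repositories (Solution 1). Build-script classpath artifacts fetched over HTTP have no transport integrity, so the plugin jar that runs inside the consumer's build can be altered on the network path without the build noticing. The README snippet should use an HTTPS repository URL, or present the Plugin Portal snippets (already `https://plugins.gradle.org/m2/`) as the default way to apply the plugin.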
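Review bot: The new `pluginBundle` block gives no hint where the Plugin Portal API key and secret come from, while the neighbouring `bintray` block reads `bintrayUser` and `bintrayUserKey` from project properties. A comment above `pluginBundle` should state that `gradle.publish.key` and `gradle.publish.secret` belong in the user-level `~/.gradle/gradle.properties` and must never be committed with the project. Separately, `vcsUrl` is an SSH remote (`git@github.com:...`), which readers of the portal listing most likely cannot open as a link; `vcsUrl = 'https://github.com/wmaintw/DependencyCheck.git'` would match the `website` value.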