DependencyCheck/dependency-check-gradle
ma wei 51e2af148e modify code format in README.md
Former-commit-id: 5aabb0ec41022da8a2e0c83fc0317e7cbcc4cb95
2015-05-13 10:22:36 +08:00

Dependency-Check-Gradle

Work in progress

This is a DependencyCheck Gradle plugin designed for projects that use Gradle as their build tool.

Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

=========

Usage

Step 1, Apply the dependency check Gradle plugin

Use any one of the following solutions.

Solution 1: Bintray

apply plugin: "dependency-check"

buildscript {
    repositories {
        maven {
            url 'http://dl.bintray.com/wei/maven'
        }
        mavenCentral()
    }
    dependencies {
        classpath(
                'com.tools.security:dependency-check:0.0.1'
        )
    }
}

Solution 2: Gradle Plugin Portal

dependency check gradle plugin on Gradle Plugin Portal

Build script snippet for the new, incubating plugin mechanism introduced in Gradle 2.1:

// buildscript {
//     ...
// }

plugins {
    id "dependency.check" version "0.0.1"
}

// apply plugin: ...

Build script snippet for use in all Gradle versions:

buildscript {
  repositories {
    maven {
      url "https://plugins.gradle.org/m2/"
    }
  }
  dependencies {
    classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1"
  }
}

apply plugin: "dependency.check"

Solution 3: Maven Central

Work in progress

Step 2, Run the Gradle task

Once the Gradle plugin is applied, run the following Gradle task to check the dependencies:

gradle dependencyCheck

The reports will be generated automatically under the ./reports folder.
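Solution 1 above declares its Maven repository with an http:// URL, so the plugin that runs inside the build is fetched without transport protection. The following check is an added example, not part of this project: it flags repository URLs declared over plain HTTP in a Gradle build script. The function name and the sample script (built from the two repository URLs on this page) are constructed for illustration, and Groovy triple-quoted or slashy strings are assumed not to occur.

```python
import re

# Matches a quoted string (kept) or a // or /* */ comment (dropped).
COMMENT_OR_STRING = re.compile(
    r'''("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')|//[^\n]*|/\*.*?\*/''', re.S)
# A block opener, a block closer, or a `url ...` declaration with scheme and host.
TOKEN = re.compile(r'''
      (?:(?P<name>[A-Za-z_]\w*)\s*)?\{
    | (?P<close>\})
    | \burl\b[\s=(:]*(?:uri\s*\(\s*)?["'](?P<scheme>[A-Za-z][\w+.-]*)://(?P<host>[^"'/\s:]+)
''', re.X)


def strip_comments(script):
    """Remove comments but keep strings (so 'http://' survives) and line numbers."""
    return COMMENT_OR_STRING.sub(
        lambda m: m.group(1) or "\n" * m.group(0).count("\n"), script)


def plain_http_repositories(script):
    """Return (line, block path, host) for each http:// URL inside a repositories block."""
    text = strip_comments(script)
    stack, findings = [], []
    for m in TOKEN.finditer(text):
        if m.group("close"):
            if stack:
                stack.pop()
        elif m.group("scheme"):
            if "repositories" in stack and m.group("scheme").lower() == "http":
                line = text.count("\n", 0, m.start()) + 1
                findings.append((line, " > ".join(stack), m.group("host")))
        else:
            stack.append(m.group("name") or "{")  # anonymous closure
    return findings


# Constructed sample combining the repository declarations shown on this page.
SAMPLE = """\
buildscript {
    repositories {
        maven { url 'http://dl.bintray.com/wei/maven' }  // Solution 1
        maven { url "https://plugins.gradle.org/m2/" }   // Solution 2
        mavenCentral()
    }
}
"""

if __name__ == "__main__":
    for line, path, host in plain_http_repositories(SAMPLE):
        print(f"line {line}: plain HTTP repository {host} in {path}")
```

A finding under buildscript matters most, because artifacts resolved there are loaded onto the build's own classpath.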