ma wei 583a5cda61 upgrade dependency-core version to 1.2.11
Former-commit-id: c36d8d962a352c574cacabc73a4e12c1bb6c7a7a
2015-05-14 11:25:18 +08:00

Dependency-Check-Gradle

Work in progress

This is a DependencyCheck Gradle plugin for projects that use Gradle as their build tool.

Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

=========

Usage

Step 1: Apply the dependency-check Gradle plugin

Use either one of the following solutions.

Solution 1: Bintray

buildscript {
    repositories {
        // Plugin jar is fetched over plain http from this repository; no transport integrity check applies here
        maven {
            url 'http://dl.bintray.com/wei/maven'
        }
        mavenCentral()
    }
    dependencies {
        classpath(
                'com.tools.security:dependency-check:0.0.1'
        )
    }
}

// Apply the plugin once the classpath above has been resolved
apply plugin: "dependency-check"

Solution 2: Gradle Plugin Portal

The dependency-check Gradle plugin is published on the Gradle Plugin Portal.

Build script snippet for the new, incubating plugin mechanism introduced in Gradle 2.1:

// buildscript {
//     ...
// }

plugins {
    id "dependency.check" version "0.0.1"
}

// apply plugin: ...

Build script snippet for use in all Gradle versions:

buildscript {
  repositories {
    maven {
      url "https://plugins.gradle.org/m2/"
    }
  }
  dependencies {
    classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1"
  }
}

apply plugin: "dependency.check"

If your project includes multiple sub-projects, configure the build script this way:

buildscript {
  repositories {
    maven {
      url "https://plugins.gradle.org/m2/"
    }
  }
  dependencies {
    classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1"
  }
}

allprojects {
    //other plugins you may use
    //apply plugin: "java"

    apply plugin: "dependency-check"

    repositories {
        mavenCentral()
    }
}

or

buildscript {
  repositories {
    maven {
      url "https://plugins.gradle.org/m2/"
    }
  }
  dependencies {
    classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1"
  }
}

subprojects {
    //other plugins you may use
    //apply plugin: "java"

    apply plugin: "dependency-check"

    repositories {
        mavenCentral()
    }
}

With allprojects the dependency check is executed for every project, including the root project; with subprojects it runs only for the sub-projects.

Solution 3: Maven Central

Work in progress

Step 2: Run the Gradle task

Once the plugin is applied, run the following Gradle task to check the dependencies:

gradle dependencyCheck

The reports are generated automatically under the ./reports folder.

If your project includes multiple sub-projects, a report is generated for each sub-project in its own sub-directory.
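As an added example (not part of the plugin's README or code): a POSIX shell check to run after `gradle dependencyCheck` in a multi-project build, confirming that every sub-project declared in settings.gradle actually produced a report, so a module silently skipped by the scan is caught in CI. It assumes reports land in `<sub-project>/reports` and that settings.gradle declares sub-projects with plain `include` lines; both are assumptions, not stated by the page.

```shell
#!/bin/sh
# Added example, not from the dependency-check-gradle project.
# Assumptions: each sub-project writes its report to <sub-project>/reports,
# and settings.gradle uses plain lines like:  include 'app', ':lib'

# Print the sub-project names declared in a settings.gradle file, one per line.
subprojects_from_settings() {
    sed -n "s/^[[:space:]]*include[[:space:]]*//p" "$1" \
        | tr ',' '\n' \
        | sed "s/[[:space:]'\"]//g; s/^://" \
        | sed '/^$/d'
}

# Return 0 when every sub-project under project root $1 has a non-empty
# reports directory, 1 otherwise; missing modules are listed on stderr.
check_reports() {
    root="$1"
    missing=0
    for sub in $(subprojects_from_settings "$root/settings.gradle"); do
        dir="$root/$sub/reports"
        if [ ! -d "$dir" ] || [ -z "$(ls -A "$dir" 2>/dev/null)" ]; then
            echo "no dependency-check report for sub-project '$sub' ($dir)" >&2
            missing=1
        fi
    done
    return $missing
}

# Stand-alone demo on a constructed project tree: 'app' was scanned, 'lib' was not.
demo() {
    tmp=$(mktemp -d)
    printf "include 'app', ':lib'\n" > "$tmp/settings.gradle"
    mkdir -p "$tmp/app/reports" "$tmp/lib"
    echo "<html>constructed sample report</html>" > "$tmp/app/reports/dependency-check-report.html"
    if check_reports "$tmp"; then
        echo "all sub-projects scanned"
    else
        echo "scan incomplete: failing the build"
    fi
    rm -rf "$tmp"
}

# Typical CI use:  gradle dependencyCheck && check_reports .
```

Run `demo` to see the check fail on the constructed tree where one sub-project has no report.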