github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-18 17:47:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
583a5cda613bc4bcfaff954073e5d7652ff4feb4
DependencyCheck/dependency-check-gradle/README.md
ma wei f9e5ebccfd modify usage for multiple sub project 
Former-commit-id: 295bd3be8cc8901c7d103b51d6a4041b53bbcb3e
2015-05-14 11:24:29 +08:00

142 lines
2.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
Dependency-Check-Gradle
=========
**Working in progress**
This is a DependencyCheck gradle plugin designed for project which use Gradle as build script.
Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.
=========
## Usage
### Step 1, Apply dependency check gradle plugin
Please refer to either one of the solution
#### Solution 1Bintray
```
apply plugin: "dependency-check"
buildscript {
repositories {
maven {
url 'http://dl.bintray.com/wei/maven'
}
mavenCentral()
}
dependencies {
classpath(
'com.tools.security:dependency-check:0.0.1'
)
}
}
```
#### Solution 2Gradle Plugin Portal
[dependency check gradle plugin on Gradle Plugin Portal](https://plugins.gradle.org/plugin/dependency.check)
**Build script snippet for new, incubating, plugin mechanism introduced in Gradle 2.1:**
```
// buildscript {
// ...
// }
plugins {
id "dependency.check" version "0.0.1"
}
// apply plugin: ...
```
**Build script snippet for use in all Gradle versions:**
```
buildscript {
repositories {
maven {
url "https://plugins.gradle.org/m2/"
}
}
dependencies {
classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1"
}
}
apply plugin: "dependency.check"
```
**If your project includes multiple sub-project, configure build script this way:**
```
buildscript {
repositories {
maven {
url "https://plugins.gradle.org/m2/"
}
}
dependencies {
classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1"
}
}
allprojects {
//other plugins you may use
//apply plugin: "java"
apply plugin: "dependency-check"
repositories {
mavenCentral()
}
}
```
or
```
buildscript {
repositories {
maven {
url "https://plugins.gradle.org/m2/"
}
}
dependencies {
classpath "gradle.plugin.com.tools.security:dependency-check:0.0.1"
}
}
subprojects {
//other plugins you may use
//apply plugin: "java"
apply plugin: "dependency-check"
repositories {
mavenCentral()
}
}
```
In this way, the dependency check will be executed for all projects (including root project) or just sub projects.
#### Solution 3Maven Central
working in progress
### Step 2, Run gradle task
Once gradle plugin applied, run following gradle task to check the dependencies:
```
gradle dependencyCheck
```
The reports will be generated automatically under `./reports` folder.
If your project includes multiple sub-projects, the report will be generated for each sub-project in different sub-directory.
Reference in New Issue View Git Blame Copy Permalink