DependencyCheck/dependency-check-gradle/README.md
ma wei 5e66f70cf0 Update README, add usage for install plugin from MavenCentral
Former-commit-id: 26c9119b6eeb042e46f9855a2c51c48a0675419b
2015-06-06 10:29:50 +08:00

Dependency-Check-Gradle
=========
**Work in progress**
This is a Dependency-Check Gradle plugin for projects that use Gradle as their build tool.
Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

---
## Usage
### Step 1, Apply dependency check gradle plugin
Use any one of the following solutions.
#### Solution 1: Install from Maven Central
```
buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath 'com.thoughtworks.tools:dependency-check:0.0.4'
    }
}
apply plugin: 'dependency.check'
```
#### Solution 2: Install from Gradle Plugin Portal
[dependency check gradle plugin on Gradle Plugin Portal](https://plugins.gradle.org/plugin/dependency.check)
**Build script snippet for new, incubating, plugin mechanism introduced in Gradle 2.1:**
```
plugins {
    id "dependency.check" version "0.0.4"
}
```
**Build script snippet for use in all Gradle versions:**
```
buildscript {
    repositories {
        maven {
            url "https://plugins.gradle.org/m2/"
        }
    }
    dependencies {
        classpath "gradle.plugin.com.tools.security:dependency-check:0.0.4"
    }
}
apply plugin: "dependency.check"
```
#### Solution 3: Install from Bintray
```
buildscript {
    repositories {
        maven {
            url 'http://dl.bintray.com/wei/maven'
        }
        mavenCentral()
    }
    dependencies {
        classpath(
            'com.tools.security:dependency-check:0.0.4'
        )
    }
}
apply plugin: "dependency-check"
```
### Step 2, Run the Gradle task
Once the plugin is applied, run the following Gradle task to check the dependencies:
```
gradle dependencyCheck
```
The reports are generated automatically in the `./reports` folder.
If your project includes multiple sub-projects, a report is generated for each sub-project in its own sub-directory.
## FAQ
### What if I'm behind a proxy?
If you need a proxy to access the internet, configure the proxy settings for this plugin:
```
dependencyCheck {
    proxyServer = "127.0.0.1" // required, the host name or IP address of the proxy
    proxyPort = 3128          // required, the port number of the proxy
    // optional, the proxy server might require a username
    // proxyUsername = "username"
    // optional, the proxy server might require a password
    // (avoid hard-coding a real password in a build script that is committed to version control)
    // proxyPassword = "password"
}
```
### What if my project includes multiple sub-projects? How can I use this plugin for each of them, including the root project?
Put `apply plugin: "dependency-check"` inside `allprojects` (to check every project, including the root project) or inside `subprojects` (to check only the sub-projects), as shown below:
(1) For all projects, including the root project:
```
buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath "gradle.plugin.com.tools.security:dependency-check:0.0.4"
    }
}
allprojects {
    apply plugin: "dependency-check"
}
```
(2) For all sub-projects only:
```
buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath "gradle.plugin.com.tools.security:dependency-check:0.0.4"
    }
}
subprojects {
    apply plugin: "dependency-check"
}
```
This way, the dependency check runs either for all projects (including the root project) or only for the sub-projects.