Property Detail

• @org.gradle.api.tasks.Internal java.lang.Object artifactType

• @org.gradle.api.tasks.Internal java.lang.Object currentProjectName

Method Detail

• protected void addDependency(org.owasp.dependencycheck.Engine engine, java.lang.String projectName, java.lang.String configurationName, java.lang.String group, java.lang.String name, java.lang.String version, java.lang.String displayName, java.io.File file = null)

  Adds a dependency to the engine. This is used when an artifact is scanned that is not supported by dependency-check (different dependency type for possibly new language).

  Parameters:

  engine - a reference to the engine

  projectName - the project name

  configurationName - the configuration name

  group - the group id

  name - the name or artifact id

  version - the version number

  displayName - the display name

• protected void addInfoToDependencies(java.util.List<org.owasp.dependencycheck.dependency.Dependency> deps, java.lang.String configurationName, java.lang.String group, java.lang.String artifact, java.lang.String version)

  Adds additional information and evidence to the dependencies.

  Parameters:

  deps - the list of dependencies that will be updated

  configurationName - the configuration name that the artifact was identified in

  group - the group id for the artifact coordinates

  artifact - the artifact id for the artifact coordinates

  version - the version number for the artifact coordinates

• @org.gradle.api.tasks.TaskAction java.lang.Object analyze()

  Calls dependency-check-core's analysis engine to scan all of the projects dependencies.

• java.lang.Object canBeResolved(java.lang.Object configuration)

  Determines if the onfiguration can be resolved

  Parameters:

  configuration - the configuration to inspect

  Returns:

  true if the configuration can be resolved; otherwise false

• AbstractAnalyze.CheckForFailureResult checkForFailure(org.owasp.dependencycheck.Engine engine)

  If configured, fails the build if a vulnerability is identified with a CVSS score higher than the failure threshold configured.

• java.lang.Object cleanup(java.lang.Object engine)

  Releases resources and removes temporary files used.

• java.lang.Object determineDisplayName()

  Gets the projects display name. Project.getDisplayName() has been introduced with Gradle 3.3, thus we need to check for the method's existence first. Fallback: use project NAME

  Returns:

  the display name

• java.lang.Object isTestConfiguration(java.lang.Object configuration)

  Determines if the configuration should be considered a test configuration.

  Parameters:

  configuration - the configuration to insepct

  Returns:

  true if the configuration is considered a tet configuration; otherwise false

• static java.lang.Object isTestConfigurationCheck(java.lang.Object configuration)

  Checks whether a configuration is considered to be a test configuration in order to skip it. A configuration is considered a test configuration if and only if any of the following conditions holds:

  • the name of the configuration or any of its parent configurations equals 'testCompile'
  • the name of the configuration or any of its parent configurations equals 'androidTestCompile'
  • the configuration name starts with 'test'
  • the configuration name starts with 'androidTest'

• protected void processConfigLegacy(org.gradle.api.artifacts.Configuration configuration, org.owasp.dependencycheck.Engine engine)

  Process the incoming artifacts for the given project's configurations using APIs pre-gradle 4.0.

  Parameters:

  project - the project to analyze

  engine - the dependency-check engine

• protected void processConfigV4(org.gradle.api.Project project, org.gradle.api.artifacts.Configuration configuration, org.owasp.dependencycheck.Engine engine)

  Process the incoming artifacts for the given project's configurations using APIs introduced in gradle 4.0+.

  Parameters:

  project - the project to analyze

  configuration - a particular configuration of the project to analyze

  engine - the dependency-check engine

• protected void processConfigurations(org.gradle.api.Project project, org.owasp.dependencycheck.Engine engine)

  Process the incoming artifacts for the given project's configurations.

  Parameters:

  project - the project to analyze

  engine - the dependency-check engine

• java.lang.Object scanDependencies(java.lang.Object engine)

  Loads the projects dependencies into the dependency-check analysis engine.

• void sendSlackNotification(AbstractAnalyze.CheckForFailureResult checkForFailureResult)

• java.lang.Object shouldBeScanned(org.gradle.api.Project project)

  Checks whether the given project should be scanned because either scanProjects is empty or it contains the project's path.

• java.lang.Object shouldBeScanned(java.lang.Object configuration)

  Checks whether the given configuration should be scanned because either scanConfigurations is empty or it contains the configuration's name.

• java.lang.Object shouldBeSkipped(org.gradle.api.Project project)

  Checks whether the given project should be skipped because skipProjects contains the project's path.

• java.lang.Object shouldBeSkipped(java.lang.Object configuration)

  Checks whether the given configuration should be skipped because skipConfigurations contains the configuration's name.

• java.lang.Object shouldBeSkipped(org.gradle.api.artifacts.result.ResolvedArtifactResult artifact)

  Checks whether the given artifact should be skipped because skipGroups contains the artifact's group prefix.

• java.lang.Object shouldBeSkippedAsTest(java.lang.Object configuration)

  Checks whether the given configuration should be skipped because it is a test configuration and skipTestGroups is true.

• java.lang.Object showSummary(org.owasp.dependencycheck.Engine engine)

  Displays a summary of the dependency-check results to the build console.

• java.lang.Object verifySettings()

  Verifies aspects of the configuration to ensure dependency-check can run correctly.