abstract class AbstractAnalyze extends ConfiguredTask
| Modifiers | Name | Description |
|---|---|---|
| static class | AbstractAnalyze.CheckForFailureResult | |
| Type | Name and description |
|---|---|
| org.gradle.api.attributes.Attribute | artifactType |
| java.lang.String | currentProjectName |
| Constructor and description |
|---|
| AbstractAnalyze() |
| Type Params | Return Type | Name and description |
|---|---|---|
| | protected void | addDependency(org.owasp.dependencycheck.Engine engine, java.lang.String projectName, java.lang.String configurationName, org.gradle.api.artifacts.ModuleVersionIdentifier id, java.lang.String displayName, java.io.File file) Adds a dependency to the engine. |
| | protected void | addInfoToDependencies(java.util.List<org.owasp.dependencycheck.dependency.Dependency> deps, java.lang.String configurationName, org.gradle.api.artifacts.ModuleVersionIdentifier id, java.util.Set<org.owasp.dependencycheck.dependency.IncludedByReference> includedBy) Adds additional information and evidence to the dependencies. |
| | java.lang.Object | analyze() Calls dependency-check-core's analysis engine to scan all of the project's dependencies. |
| | protected void | callIncompatibleWithConfigurationCache() Calls notCompatibleWithConfigurationCache method in order to avoid failures when Gradle configuration cache is enabled. |
| | boolean | canBeResolved(org.gradle.api.artifacts.Configuration configuration) Determines if the configuration can be resolved. |
| | CheckForFailureResult | checkForFailure(org.owasp.dependencycheck.Engine engine) If configured, fails the build if a vulnerability is identified with a CVSS score higher than the failure threshold configured. |
| | java.lang.Object | cleanup(org.owasp.dependencycheck.Engine engine) Releases resources and removes temporary files used. |
| | java.lang.String | determineDisplayName() Gets the project's display name. |
| | protected boolean | hasNotCompatibleWithConfigurationCacheOption() Check if the notCompatibleWithConfigurationCache method exists in the class. |
| | boolean | isTestConfiguration(org.gradle.api.artifacts.Configuration configuration) Determines if the configuration should be considered a test configuration. |
| | static boolean | isTestConfigurationCheck(org.gradle.api.artifacts.Configuration configuration) Checks whether a configuration is considered to be a test configuration in order to skip it. |
| | protected void | processBuildEnvironment(org.gradle.api.Project project, org.owasp.dependencycheck.Engine engine) Process the incoming artifacts for the given project's configurations. |
| | protected void | processConfigLegacy(org.gradle.api.artifacts.Configuration configuration, org.owasp.dependencycheck.Engine engine) Process the incoming artifacts for the given project's configurations using APIs pre-gradle 4.0. |
| | protected void | processConfigV4(org.gradle.api.Project project, org.gradle.api.artifacts.Configuration configuration, org.owasp.dependencycheck.Engine engine, boolean scanningBuildEnv) Process the incoming artifacts for the given project's configurations using APIs introduced in gradle 4.0+. |
| | protected void | processConfigurations(org.gradle.api.Project project, org.owasp.dependencycheck.Engine engine) Process the incoming artifacts for the given project's configurations. |
| | abstract java.lang.Object | scanDependencies(org.owasp.dependencycheck.Engine engine) Loads the project's dependencies into the dependency-check analysis engine. |
| | void | sendSlackNotification(CheckForFailureResult checkForFailureResult) |
| | java.lang.Object | shouldBeScanned(org.gradle.api.Project project) Checks whether the given project should be scanned because either scanProjects is empty or it contains the project's path. |
| | boolean | shouldBeScanned(org.gradle.api.artifacts.Configuration configuration) Checks whether the given configuration should be scanned because either scanConfigurations is empty or it contains the configuration's name. |
| | java.lang.Object | shouldBeSkipped(org.gradle.api.Project project) Checks whether the given project should be skipped because skipProjects contains the project's path. |
| | boolean | shouldBeSkipped(org.gradle.api.artifacts.Configuration configuration) Checks whether the given configuration should be skipped because skipConfigurations contains the configuration's name. |
| | java.lang.Object | shouldBeSkipped(org.gradle.api.artifacts.result.ResolvedArtifactResult artifact) Checks whether the given artifact should be skipped because skipGroups contains the artifact's group prefix. |
| | boolean | shouldBeSkippedAsTest(org.gradle.api.artifacts.Configuration configuration) Checks whether the given configuration should be skipped because it is a test configuration and skipTestGroups is true. |
| | java.lang.Object | showSummary(org.owasp.dependencycheck.Engine engine) Displays a summary of the dependency-check results to the build console. |
| | java.lang.Object | verifySettings() Verifies aspects of the configuration to ensure dependency-check can run correctly. |
| Methods inherited from class | Name |
|---|---|
| class ConfiguredTask | initializeSettings |
Adds a dependency to the engine. This is used when an artifact is scanned that is not supported by dependency-check (different dependency type for possibly new language).

- engine - a reference to the engine
- projectName - the project name
- configurationName - the configuration name
- group - the group id
- name - the name or artifact id
- version - the version number
- displayName - the display name

Adds additional information and evidence to the dependencies.

- deps - the list of dependencies that will be updated
- configurationName - the configuration name that the artifact was identified in
- group - the group id for the artifact coordinates
- artifact - the artifact id for the artifact coordinates
- version - the version number for the artifact coordinates

Calls dependency-check-core's analysis engine to scan all of the project's dependencies.

Calls notCompatibleWithConfigurationCache method in order to avoid failures when Gradle configuration cache is enabled.

Determines if the configuration can be resolved.

- configuration - the configuration to inspect

If configured, fails the build if a vulnerability is identified with a CVSS score higher than the failure threshold configured.

Releases resources and removes temporary files used.

Gets the project's display name. Project.getDisplayName() has been introduced with Gradle 3.3, thus we need to check for the method's existence first. Fallback: use project NAME

Check if the notCompatibleWithConfigurationCache method exists in the class.

Determines if the configuration should be considered a test configuration.

- configuration - the configuration to inspect

Checks whether a configuration is considered to be a test configuration in order to skip it. A configuration is considered a test configuration if and only if any of the following conditions holds:

Process the incoming artifacts for the given project's configurations.

- project - the project to analyze
- engine - the dependency-check engine

Process the incoming artifacts for the given project's configurations using APIs pre-gradle 4.0.

- project - the project to analyze
- engine - the dependency-check engine

Process the incoming artifacts for the given project's configurations using APIs introduced in gradle 4.0+.

- project - the project to analyze
- configuration - a particular configuration of the project to analyze
- engine - the dependency-check engine
- scanningBuildEnv - true if scanning the build environment; otherwise false

Process the incoming artifacts for the given project's configurations.

- project - the project to analyze
- engine - the dependency-check engine

Loads the project's dependencies into the dependency-check analysis engine.

Checks whether the given project should be scanned because either scanProjects is empty or it contains the project's path.

Checks whether the given configuration should be scanned because either scanConfigurations is empty or it contains the configuration's name.

Checks whether the given project should be skipped because skipProjects contains the project's path.

Checks whether the given configuration should be skipped because skipConfigurations contains the configuration's name.

Checks whether the given artifact should be skipped because skipGroups contains the artifact's group prefix.

Checks whether the given configuration should be skipped because it is a test configuration and skipTestGroups is true.

Displays a summary of the dependency-check results to the build console.

Verifies aspects of the configuration to ensure dependency-check can run correctly.