refactor: align dependency check with moderneinc (#49)

openrewrite · Aug 9, 2024 · a1d8602 · a1d8602
1 parent 2dda7d7
commit a1d8602
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -22,8 +22,10 @@ configure<nebula.plugin.release.git.base.ReleasePluginExtension> {
 
 configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
     analyzers.assemblyEnabled = false
+    analyzers.nodeAuditEnabled = false
+    analyzers.nodeEnabled = false
     failBuildOnCVSS = 9.0F
-    suppressionFile = "suppressions.xml"
+    failBuildOnCVSS = System.getenv("FAIL_BUILD_ON_CVSS")?.toFloatOrNull() ?: 9.0F
     nvd.apiKey = System.getenv("NVD_API_KEY")
 }
 

diff --git a/src/main/java/org/openrewrite/gradle/RewriteDependencyCheckPlugin.java b/src/main/java/org/openrewrite/gradle/RewriteDependencyCheckPlugin.java
@@ -15,25 +15,35 @@
  */
 package org.openrewrite.gradle;
 
-
 import org.gradle.api.Plugin;
 import org.gradle.api.Project;
 import org.owasp.dependencycheck.gradle.DependencyCheckPlugin;
 import org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension;
 
-import java.util.Collections;
-
 public class RewriteDependencyCheckPlugin implements Plugin<Project> {
 
     @Override
     public void apply(Project project) {
         project.getPlugins().apply(DependencyCheckPlugin.class);
 
+        float failBuildOnCVSS = Float
+                .parseFloat(System.getenv("FAIL_BUILD_ON_CVSS") != null ? System.getenv("FAIL_BUILD_ON_CVSS") : "9");
+
+        // check to see if `suppressions.xml` exists in project root
+        if (project.file("suppressions.xml").exists()) {
+            project.getExtensions().configure(DependencyCheckExtension.class, ext -> {
+                ext.setSuppressionFile(project.file("suppressions.xml").getPath());
+            });
+        }
+
         project.getExtensions().configure(DependencyCheckExtension.class, ext -> {
             ext.getAnalyzers().setAssemblyEnabled(false);
-            ext.setFailBuildOnCVSS(9.0f);
-            ext.setScanProjects(Collections.singletonList(project.getName()));
+            ext.getAnalyzers().setNodeAuditEnabled(false);
+            ext.getAnalyzers().setNodeEnabled(false);
+            ext.setFailBuildOnCVSS(failBuildOnCVSS);
             ext.getNvd().setApiKey(System.getenv("NVD_API_KEY"));
+
         });
+
     }
 }