From a9c6e15e4ffeb3a2a121829ea2ba49cb95fb9a2f Mon Sep 17 00:00:00 2001
From: Joaquim Alvino de Mesquita Neto
Date: Fri, 29 Apr 2022 09:13:54 +0200
Subject: [PATCH] Add snyk monitoring (#31)

## Decription
This patch adds snyk monitoring to the build pipeline. It will hook itself into the check and publish stages. The patch also sets a dependency helper plugin net.wooga.cve-dependency-resolution which applies overrides for dependencies with know fixes for security issues.

## Changes
* ![ADD] `snyk` monitoring
* ![ADD] `net.wooga.snyk-wdk-java` snyk convention plugin
* ![ADD] `net.wogoa.cve-dependency-resolution` plugin
---
 Jenkinsfile | 3 ++-
 build.gradle | 23 ++++++++++-------------
 settings.gradle | 7 +++++++
 3 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index d84cc9e..77090e1 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -4,7 +4,8 @@
 withCredentials([usernamePassword(credentialsId: 'github_integration', passwordVariable: 'githubPassword', usernameVariable: 'githubUser'),
 usernamePassword(credentialsId: 'github_integration_2', passwordVariable: 'githubPassword2', usernameVariable: 'githubUser2'),
 usernamePassword(credentialsId: 'github_integration_3', passwordVariable: 'githubPassword3', usernameVariable: 'githubUser3'),
- string(credentialsId: 'atlas_plugins_sonar_token', variable: 'sonar_token')]) {
+ string(credentialsId: 'atlas_plugins_sonar_token', variable: 'sonar_token'),
+ string(credentialsId: 'atlas_plugins_snyk_token', variable: 'SNYK_TOKEN')]) {
 
 def testEnvironment = [
 'macos': [
diff --git a/build.gradle b/build.gradle
index 8a37b1f..4b465fe 100644
--- a/build.gradle
+++ b/build.gradle
@@ -16,7 +16,10 @@
 */
 
 plugins {
- id 'net.wooga.plugins' version '2.2.3'
+ id 'net.wooga.plugins' version '2.3.0'
+ id 'net.wooga.snyk' version '0.10.0'
+ id "net.wooga.snyk-gradle-plugin" version "0.2.0"
+ id "net.wooga.cve-dependency-resolution" version "0.4.0"
 }
 
 group 'net.wooga.gradle'
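Review bot: The new `SNYK_TOKEN` binding is added to the same `withCredentials` block that wraps the whole pipeline body, so the token is exposed to every stage in `testEnvironment`, not only the check and publish stages that the commit description says Snyk hooks into. The existing `sonar_token` has the same scope, so this follows the file's pattern, but a narrower `withCredentials([string(credentialsId: 'atlas_plugins_snyk_token', variable: 'SNYK_TOKEN')]) { ... }` around just the Snyk-running stages would keep the secret out of the test matrix. The `withCredentials` block opens here but its body and closing brace are outside the hunk, so where those stages sit cannot be confirmed from the diff.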
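Review bot: The plugin ids added here (`net.wooga.snyk` 0.10.0 and `net.wooga.snyk-gradle-plugin` 0.2.0) do not match the commit description, which lists `net.wooga.snyk-wdk-java` as the convention plugin being added; one of the two should be corrected so the record reflects what was actually applied. The new lines also mix quote styles, `'net.wooga.snyk'` in single quotes next to `"net.wooga.snyk-gradle-plugin"` in double quotes, while the existing `id 'net.wooga.plugins'` line uses single quotes; `id 'net.wooga.snyk-gradle-plugin' version '0.2.0'` and `id 'net.wooga.cve-dependency-resolution' version '0.4.0'` would keep the block consistent. Pinning all four plugin versions exactly is the right choice for reproducibility.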
@@ -40,6 +43,10 @@ repositories {
 mavenCentral()
 }
 
+cveHandler {
+ configurations("compileClasspath", "runtimeClasspath", "testCompileClasspath", "testRuntimeClasspath", "integrationTestCompileClasspath", "integrationTestRuntimeClasspath")
+}
+
 githubPublish {
 targetCommitish.set(null)
 }
@@ -50,17 +57,7 @@ github {
 
 dependencies {
 api 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:3.2.0'
- implementation 'gradle.plugin.net.wooga.gradle:atlas-github:2.+'
- testImplementation 'com.wooga.spock.extensions:spock-github-extension:0.2.0'
+ implementation 'gradle.plugin.net.wooga.gradle:atlas-github:[2,3['
+ testImplementation 'com.wooga.spock.extensions:spock-github-extension:0.3.0'
 testImplementation 'org.ajoberstar.grgit:grgit-core:4.+'
 }
-
-configurations.all {
- resolutionStrategy {
- force 'org.codehaus.groovy:groovy-all:2.5.12'
- force 'org.codehaus.groovy:groovy-macro:2.5.12'
- force 'org.codehaus.groovy:groovy-nio:2.5.12'
- force 'org.codehaus.groovy:groovy-sql:2.5.12'
- force 'org.codehaus.groovy:groovy-xml:2.5.12'
- }
-}
diff --git a/settings.gradle b/settings.gradle
index 0cfde17..fd2f983 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1 +1,8 @@
+pluginManagement {
+ repositories {
+ mavenCentral()
+ gradlePluginPortal()
+ }
+}
+
 rootProject.name = 'atlas-dotnet-sonarqube'
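Review bot: The `cveHandler` block enumerates six classpath configurations with no comment saying why these and not others, so a maintainer adding another source set (the two `integrationTest*` entries suggest one already exists, presumably provided by `net.wooga.plugins`) will not know to extend the list. A one-line comment above the block, `// Classpaths on which net.wooga.cve-dependency-resolution overrides versions with known CVE fixes; add new source sets' classpaths here`, would make the intent and the maintenance duty explicit. The commit description frames this plugin as the replacement for the hand-written groovy `force` rules removed further down; if that is the case, saying so in the comment would explain why that block disappeared.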
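Review bot: After this hunk the `dependencies` block still resolves two dynamic versions, `atlas-github:[2,3[` (changed from `2.+`, but still any 2.x) and the pre-existing `grgit-core:4.+`, so the artifact set that Snyk monitors and that ships in a release can differ between two builds of the same commit without any change here. Adding `dependencyLocking { lockAllConfigurations() }` and committing the generated lock files would pin the resolved graph so that monitoring results are reproducible and a newly published 2.x or 4.x does not enter the build unreviewed. The deleted `configurations.all { resolutionStrategy { force ... } }` block pinned groovy 2.5.12 across all configurations; the commit description suggests `net.wooga.cve-dependency-resolution` now covers that, but the hunk does not show which groovy version resolves afterwards, so that is worth confirming in the dependency report before merging.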
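Review bot: `mavenCentral()` is declared before `gradlePluginPortal()` in `pluginManagement.repositories`, so plugin marker artifacts and plugin jars are looked up on Central first and a module found there wins over the portal copy; before this hunk, with no `pluginManagement` block, only the portal was consulted. Presumably Central is listed because the `net.wooga.*` plugins are published there, in which case restricting it to those groups, `mavenCentral { content { includeGroupByRegex 'net\\.wooga.*' } }`, keeps every other plugin id resolving from the portal as before and removes the possibility of an unrelated artifact on Central shadowing a plugin. If the wooga plugins are in fact on the portal as well, the simpler fix is to drop `mavenCentral()` here entirely.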