forked from essepuntato/LODE
-
Notifications
You must be signed in to change notification settings - Fork 2
/
build.gradle
90 lines (77 loc) · 2.21 KB
/
build.gradle
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
plugins {
id 'org.springframework.boot' version '2.7.13'
id 'io.spring.dependency-management' version '1.1.0'
id 'java'
id "org.owasp.dependencycheck" version "8.2.1"
id 'com.github.spotbugs' version '4.7.3'
}
group = 'it.gov.innovazione'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '11'
configurations {
compileOnly {
extendsFrom annotationProcessor
}
}
repositories {
mavenCentral()
}
dependencies {
implementation('org.springframework.boot:spring-boot-starter-web') {
exclude group: 'org.yaml'
exclude group: 'com.fasterxml.jackson.core'
}
compileOnly 'org.projectlombok:lombok'
implementation 'org.owasp.encoder:encoder:1.2.3'
implementation 'commons-io:commons-io:2.11.0'
implementation 'net.sf.saxon:Saxon-HE:11.4'
annotationProcessor 'org.projectlombok:lombok'
annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
}
tasks.named('test') {
useJUnitPlatform()
}
spotbugs {
toolVersion = '4.7.3'
}
spotbugsMain {
excludeFilter = file("${rootProject.projectDir}/config/spotbugs/exclude-filter.xml")
reports {
html {
enabled = true
destination = file("$buildDir/reports/spotbugs/main/spotbugs.html")
}
}
}
spotbugsTest {
excludeFilter = file("${rootProject.projectDir}/config/spotbugs/exclude-filter.xml")
reports {
html {
enabled = true
destination = file("$buildDir/reports/spotbugs/test/spotbugs.html")
}
}
}
dependencyCheck {
skipConfigurations = ['spotbugs']
//set up a quality gate for vulnerabilities with high severity level:
//let's consider that a vulnerability has a high severity level if its CVSS score is higher than 7
//the build is going to fail if vulnerabilities with high severity level found
failBuildOnCVSS = 7
//specify a list of known issues which contain:
//false-positives
//confirmed vulnerabilities which are not fixed yet, but we have a ticket for that
suppressionFile = 'config/dependency-check/dependency-check-known-issues.xml'
}
gradle.taskGraph.whenReady { graph ->
if (graph.hasTask(build)) {
spotbugsMain.enabled = false
dependencyCheckAnalyze.enabled = false
spotbugsTest.enabled = false
}
}
bootJar {
enabled = true
archiveName("lode.jar")
}