Releases: sonatype-nexus-community/scan-gradle-plugin
Parent modules for Nexus IQ
Automatic Applications in Nexus IQ Server
Previously, we were creating applications manually in Nexus IQ Server using a given Organization ID via REST calls.
Now the Automatic Applications feature allows sending an Organization ID different from the one configured as the "Parent Organization".
This means customers who want to automatically create the applications set in this plugin can enable the Automatic Applications feature in IQ, select any organization as parent, and set whatever organizationId they need when configuring the nexusIQScan task.
Error message improved for IQ Server issues
When there are errors related to API calls to IQ Server, this plugin will try to provide a more useful error message.
Hopefully that helps diagnose errors without having to run the plugin with the --stacktrace flag.
Improvements in Android Project Scanning and New Contributors experience
- Composite builds and dependency substitution in Android projects will now execute successfully for the complete plugin: #117
- Internal change: thanks to the work @eduard-tita did on the nexus-platform-api library, this project no longer needs to include a submodule of it to apply package relocation: #121. End users will not be impacted by this change, but new contributors will find this plugin friendlier to set up locally 🙂
Include commons-io into shadowed module and proper publishing
Sherlock Trunks now uses CycloneDX
#94 led to a new output for the OSS Index results, in the form of a JSON file using the CycloneDX 1.4 specification.
Having a third output format made the boolean flag isDependencyGraph no longer good enough, so a breaking change was made in order to allow more than two formats: isDependencyGraph was replaced with outputFormat, with the following possible values:
- DEFAULT: same as isDependencyGraph=false (or omitted), prints a colored list of dependencies with their vulnerabilities indented.
- DEPENDENCY_GRAPH: same as isDependencyGraph=true, prints the dependency graph showing direct/transitive dependencies.
- JSON_CYCLONE_DX_1_4: generates a file using the CycloneDX 1.4 SBOM specification in JSON format.
Include and exclude modules for OSS Index
The ossIndexAudit task now includes the properties modulesIncluded and modulesExcluded, which allow setting the modules to include or exclude when detecting dependencies to audit.
Thanks to @TheoLassonder who suggested this feature and submitted the PR for it: #109
Discover Git commit for Nexus IQ scans
When running a scan for Nexus IQ, the plugin will discover the latest Git commit hash and associate it with the evaluation report.
Automatic application creation with specific organization
Nexus IQ Server provides a feature where a non-existing application can be created automatically under a predefined organization: https://help.sonatype.com/iqserver/managing/application-management/managing-automatic-applications
Issue #82 exposed a use case where not all applications to be created automatically should be under the same organization.
This version introduces a new property organizationId on the nexusIQScan configuration. If it is provided, a validation is done to check whether the given application ID exists under that organization ID; if the application doesn't exist, it is created under the organization.
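The following build.gradle fragment is an added illustration, not configuration taken from this page or from the plugin's own documentation. It ties together two of the releases above: the ossIndexAudit change from the boolean isDependencyGraph to outputFormat (plus the modulesIncluded/modulesExcluded filters), and the nexusIQScan organizationId property. The plugin id and version, the username, password, serverUrl and applicationId properties, the module names and the organization id are assumptions or constructed placeholders; the page only documents outputFormat, modulesIncluded, modulesExcluded and organizationId. Property values are written as strings on the assumption that the Gradle Groovy DSL coerces them to the plugin's enum type where needed.

```groovy
// build.gradle (Groovy DSL). Added example; not the project's own sample.
plugins {
    // Plugin id and version are assumptions; replace with the real coordinates.
    id 'org.sonatype.gradle.plugins.scan' version 'PLACEHOLDER_VERSION'
}

ossIndexAudit {
    // Before the "Sherlock Trunks now uses CycloneDX" release the output was
    // chosen with a boolean that could only express two formats:
    //   isDependencyGraph = false   // colored flat list (the default)
    //   isDependencyGraph = true    // dependency graph
    // That flag was removed (breaking change) in favour of outputFormat, whose
    // documented values are DEFAULT, DEPENDENCY_GRAPH and JSON_CYCLONE_DX_1_4.
    outputFormat = 'JSON_CYCLONE_DX_1_4'   // write a CycloneDX 1.4 JSON SBOM

    // Limit which modules of a multi-module build are audited. Both lists are
    // optional; the module names below are constructed for this example.
    modulesIncluded = ['app', 'core']
    modulesExcluded = ['integration-tests']
}

nexusIQScan {
    // Credentials and server location: property names assumed, values read
    // from the environment so they never land in the build script.
    username = System.getenv('IQ_USER')
    password = System.getenv('IQ_PASSWORD')
    serverUrl = 'https://iq.example.invalid'      // placeholder
    applicationId = 'payments-service'            // constructed application id

    // With Automatic Applications enabled in IQ Server, the plugin checks
    // whether applicationId exists under this organization and creates it
    // there if it does not, instead of under the organization configured as
    // "Parent Organization" in IQ. Value is a placeholder.
    organizationId = 'ORGANIZATION_ID_PLACEHOLDER'
}
```

Keep the two lists complementary: a module named in both modulesIncluded and modulesExcluded is an easy way to audit fewer modules than intended, so check the task's log output once after changing them.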
New index task to save a module descriptor for Nexus IQ
Brings the "index" feature from the Maven plugin so an XML file can be generated and later used by Sonatype CI tools: https://help.sonatype.com/integrations/sonatype-clm-for-maven#SonatypeCLMforMaven-CreatingaComponentIndex
Modules in a multi-module project can be excluded using this optional configuration in the build.gradle file:
nexusIQIndex {
    modulesExcluded = ['module-1', 'module-2']
}