Scan Gradle Plugin Versions

Gradle plugin that scans the dependencies of a Gradle project using Sonatype platforms: OSS Index and Nexus IQ Server.

2.8.1

2 weeks ago

What's Changed

No actions/changes required by anyone already using this plugin.

Full Changelog: https://github.com/sonatype-nexus-community/scan-gradle-plugin/compare/2.8.0...2.8.1

2.8.0

2 weeks ago

What's Changed

excludeCompileOnly allows this plugin to behave similarly to Sonatype CLM for Maven (compileOnly is the equivalent of the provided scope in Maven):

ossIndexAudit {
  excludeCompileOnly = true
}

nexusIQScan {
  excludeCompileOnly = true
}

Full Changelog: https://github.com/sonatype-nexus-community/scan-gradle-plugin/compare/2.7.0...2.8.0

2.7.0

3 months ago

What's Changed

Use the new scanTargets property to select additional files to be scanned and evaluated. Targets are given as paths or Ant-like patterns, relative to the project's folder.

For example:

nexusIQScan {
    username = 'admin'
    password = 'pass'
    serverUrl = 'http://localhost:8070'
    applicationId = 'app'
    scanTargets = ['package-lock.json', '**/*.lock']
}

Full Changelog: https://github.com/sonatype-nexus-community/scan-gradle-plugin/compare/2.6.2...2.7.0

2.6.2

4 months ago

As part of our inclusive language initiatives stemming from our core value "Embrace Inclusion", we are renaming the feature previously known as Policy Violation Grandfathering to Legacy Violations.

See more at https://help.sonatype.com/iqserver/product-information/release-notes#ReleaseNotes-EmbracingInclusionwithLegacyViolations

2.6.1

7 months ago

Fixes #140: the task no longer fails because of cache configuration; it only produces a warning message.

2.5.5

1 year ago

What's Changed

A new property, variantAttributes, was added to set the attributes used to select the right variant when there are multiple release variants.

Full details at: https://github.com/sonatype-nexus-community/scan-gradle-plugin#how-to-deal-with-multiple-release-variants

Full Changelog: https://github.com/sonatype-nexus-community/scan-gradle-plugin/compare/2.5.4...2.5.5

2.5.4

1 year ago

What's Changed

The plugin now makes a proper selection of the "release" variant for Android projects when there is a dependency on a module with multiple variants: https://github.com/sonatype-nexus-community/scan-gradle-plugin/pull/132

Full Changelog: https://github.com/sonatype-nexus-community/scan-gradle-plugin/compare/2.5.3...2.5.4

2.5.3

1 year ago

Thanks to @mealingr, the modules XML file generated for Nexus IQ will include the right ID for the parent module in multi-module projects: https://github.com/sonatype-nexus-community/scan-gradle-plugin/pull/129

2.5.2

1 year ago

Previously, we were creating applications manually in Nexus IQ Server using a given Organization ID via REST calls.

Now the Automatic Applications feature allows sending an Organization ID different from the one configured as "Parent Organization".

This means customers who want to automatically create the applications set in this plugin can enable the Automatic Applications feature in IQ and select any organization as parent, while setting whatever organizationId is needed when configuring the nexusIQScan task.

2.5.1

1 year ago

When there are errors related to API calls to IQ Server, this plugin will try to provide a more useful error message. Hopefully this helps diagnose errors without having to run the plugin with the --stacktrace flag.