Gradle plugin that scans the dependencies of a Gradle project using Sonatype platforms: OSS Index and Nexus IQ Server.
No actions/changes required by anyone already using this plugin.
Full Changelog: https://github.com/sonatype-nexus-community/scan-gradle-plugin/compare/2.8.0...2.8.1
compileOnly dependencies by @guillermo-varela in https://github.com/sonatype-nexus-community/scan-gradle-plugin/pull/156
excludeCompileOnly allows this plugin to behave in a similar way to Sonatype CLM for Maven (since compileOnly is an equivalent of the provided scope on Maven):
ossIndexAudit {
    excludeCompileOnly = true
}
nexusIQScan {
    excludeCompileOnly = true
}
Full Changelog: https://github.com/sonatype-nexus-community/scan-gradle-plugin/compare/2.7.0...2.8.0
Use the new scanTargets property to configure additional targets, given as paths or Ant-like patterns relative to the project's folder, that select the files to be scanned and evaluated.
For example:
nexusIQScan {
    username = 'admin'
    password = 'pass'
    serverUrl = 'http://localhost:8070'
    applicationId = 'app'
    scanTargets = ['package-lock.json', '**/*.lock']
}
Full Changelog: https://github.com/sonatype-nexus-community/scan-gradle-plugin/compare/2.6.2...2.7.0
As part of our inclusive language initiatives stemming from our core values "Embrace Inclusion", we are renaming the feature previously known as Policy Violation Grandfathering to Legacy Violations.
Fixes #140: the task no longer fails due to cache configuration; a warning message is shown instead.
A new property, variantAttributes, was added to set attributes that allow selecting the right variant when there are multiple release variants.
Full details at: https://github.com/sonatype-nexus-community/scan-gradle-plugin#how-to-deal-with-multiple-release-variants
Full Changelog: https://github.com/sonatype-nexus-community/scan-gradle-plugin/compare/2.5.4...2.5.5
The plugin now makes a proper selection of the "release" variant for Android projects when there is a dependency on a module with multiple variants: https://github.com/sonatype-nexus-community/scan-gradle-plugin/pull/132
Full Changelog: https://github.com/sonatype-nexus-community/scan-gradle-plugin/compare/2.5.3...2.5.4
Thanks to @mealingr, the modules XML file generated for Nexus IQ will include the right ID for the parent module in multi-module projects: https://github.com/sonatype-nexus-community/scan-gradle-plugin/pull/129
Previously, we were creating applications manually in Nexus IQ Server using a given Organization ID via REST calls.
Now the Automatic Applications feature allows sending an Organization ID different from the one configured as "Parent Organization".
This means customers who want to automatically create the applications set in this plugin can enable the Automatic Applications feature in IQ and select any organization as parent, while setting whichever organizationId is needed when configuring the nexusIQScan task.
When there are errors related to API calls to IQ Server, this plugin will try to provide a more useful error message.
Hopefully that helps diagnose errors without having to run the plugin with the --stacktrace flag.