Add snyk monitoring (#31)

## Decription This patch adds snyk monitoring to the build pipeline. It will hook itself into the check and publish stages. The patch also sets a dependency helper plugin net.wooga.cve-dependency-resolution which applies overrides for dependencies with know fixes for security issues. ## Changes * ![ADD] `snyk` monitoring * ![ADD] `net.wooga.snyk-wdk-java` snyk convention plugin * ![ADD] `net.wogoa.cve-dependency-resolution` plugin
wooga · Apr 29, 2022 · a9c6e15 · a9c6e15
1 parent 9452517
commit a9c6e15
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 14 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -4,7 +4,8 @@
 withCredentials([usernamePassword(credentialsId: 'github_integration', passwordVariable: 'githubPassword', usernameVariable: 'githubUser'),
                  usernamePassword(credentialsId: 'github_integration_2', passwordVariable: 'githubPassword2', usernameVariable: 'githubUser2'),
                  usernamePassword(credentialsId: 'github_integration_3', passwordVariable: 'githubPassword3', usernameVariable: 'githubUser3'),
-                 string(credentialsId: 'atlas_plugins_sonar_token', variable: 'sonar_token')]) {
+                 string(credentialsId: 'atlas_plugins_sonar_token', variable: 'sonar_token'),
+                 string(credentialsId: 'atlas_plugins_snyk_token', variable: 'SNYK_TOKEN')]) {
     def testEnvironment = [
             'macos':
                     [

diff --git a/build.gradle b/build.gradle
@@ -16,7 +16,10 @@
  */
 
 plugins {
-    id 'net.wooga.plugins' version '2.2.3'
+    id 'net.wooga.plugins' version '2.3.0'
+    id 'net.wooga.snyk' version '0.10.0'
+    id "net.wooga.snyk-gradle-plugin" version "0.2.0"
+    id "net.wooga.cve-dependency-resolution" version "0.4.0"
 }
 
 group 'net.wooga.gradle'
@@ -40,6 +43,10 @@ repositories {
     mavenCentral()
 }
 
+cveHandler {
+    configurations("compileClasspath", "runtimeClasspath", "testCompileClasspath", "testRuntimeClasspath", "integrationTestCompileClasspath", "integrationTestRuntimeClasspath")
+}
+
 githubPublish {
     targetCommitish.set(null)
 }
@@ -50,17 +57,7 @@ github {
 
 dependencies {
     api 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:3.2.0'
-    implementation 'gradle.plugin.net.wooga.gradle:atlas-github:2.+'
-    testImplementation 'com.wooga.spock.extensions:spock-github-extension:0.2.0'
+    implementation 'gradle.plugin.net.wooga.gradle:atlas-github:[2,3['
+    testImplementation 'com.wooga.spock.extensions:spock-github-extension:0.3.0'
     testImplementation 'org.ajoberstar.grgit:grgit-core:4.+'
 }
-
-configurations.all {
-    resolutionStrategy {
-        force 'org.codehaus.groovy:groovy-all:2.5.12'
-        force 'org.codehaus.groovy:groovy-macro:2.5.12'
-        force 'org.codehaus.groovy:groovy-nio:2.5.12'
-        force 'org.codehaus.groovy:groovy-sql:2.5.12'
-        force 'org.codehaus.groovy:groovy-xml:2.5.12'
-    }
-}
diff --git a/settings.gradle b/settings.gradle
@@ -1 +1,8 @@
+pluginManagement {
+  repositories {
+    mavenCentral()
+    gradlePluginPortal()
+  }
+}
+
 rootProject.name = 'atlas-dotnet-sonarqube'