feat(BUILD-1436): sbom plugin

author Julien Carsique <julien.carsique@sonarsource.com>

Mon, 11 Apr 2022 08:10:08 +0000 (10:10 +0200)

committer sonartech <sonartech@sonarsource.com>

Tue, 24 May 2022 20:10:14 +0000 (20:10 +0000)
author Julien Carsique <julien.carsique@sonarsource.com>
Mon, 11 Apr 2022 08:10:08 +0000 (10:10 +0200)
committer sonartech <sonartech@sonarsource.com>
Tue, 24 May 2022 20:10:14 +0000 (20:10 +0000)
diff --git a/build.gradle b/build.gradle

index ea393533d465b28e9e5a27465f93c52018e3ccef..1161a3759b47db5c143adadb237649518ef07e19 100644 (file)
--- a/build.gradle
+++ b/build.gradle
@@ -10,6 +10,7 @@ plugins {
    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
    id 'org.sonarqube' version '3.3'
    id "de.undercouch.download" version "5.0.1" apply false
+  id "org.cyclonedx.bom" version "1.5.0" apply false
  }
  
  if (!JavaVersion.current().java11Compatible) {
diff --git a/gradle.properties b/gradle.properties

index 33aa14f94097cab95606ae901290ccf3fd1155c2..3fe09e79abaa64efd7e708066b295ce01e323692 100644 (file)
--- a/gradle.properties
+++ b/gradle.properties
@@ -13,3 +13,5 @@ elasticsearchDownloadUrlPath=https://artifacts.elastic.co/downloads/elasticsearc
  elasticsearchDownloadRepoxUrlPath=https://repox.jfrog.io/artifactory/sonarsource-bucket/sonarqube/elasticsearch/
  elasticsearchDownloadUrlFile=elasticsearch-7.17.1-no-jdk-linux-x86_64.tar.gz
  elasticsearchDownloadSha512=3f572eed0d0a9140f843dcc07911c32a10bb76c4e2c2a4c904ba3279e0401c58fe0f7c7776a7347fec3acd5dbebf3c9f1888f59e782c3a46c76f038e82d53f7c
+
+projectType=application
diff --git a/sonar-application/build.gradle b/sonar-application/build.gradle

index 6c33d0cb04a9de7fd04cc6c0b925b70a3856e0d6..d6316dfa40140c5a37db6ff2d42f961c529d825f 100644 (file)
--- a/sonar-application/build.gradle
+++ b/sonar-application/build.gradle
@@ -6,6 +6,7 @@ plugins {
    id "com.github.hierynomus.license-report"
    id "com.github.johnrengelman.shadow"
    id "de.undercouch.download"
+  id "org.cyclonedx.bom"
  }
  
  sonarqube {
@@ -32,8 +33,12 @@ configurations {
    bundledPlugin {
      transitive = false
    }
-
+  bundledPlugin_deps {
+    extendsFrom bundledPlugin
+    transitive = true
+  }
    appLicenses.extendsFrom(compile, web, scanner, jsw, jdbc_mssql, jdbc_postgresql, jdbc_h2)
+  cyclonedx
  }
  
  jar.enabled = false
@@ -63,6 +68,7 @@ dependencies {
  
      jsw 'tanukisoft:wrapper:3.2.3'
      scanner project(path: ':sonar-scanner-engine-shaded', configuration: 'shadow')
+    cyclonedx project(path: ':sonar-scanner-engine-shaded')
      web project(':server:sonar-web')
      shutdowner project(':sonar-shutdowner')
  
@@ -307,10 +313,26 @@ artifacts { zip zip }
  
  artifactoryPublish.skip = false
  
+def bomFile = layout.buildDirectory.file('reports/bom.json')
+cyclonedxBom {
+  includeConfigs += ["runtimeClasspath", "jsw", "web", "shutdowner", "jdbc_mssql", "jdbc_postgresql", "jdbc_h2", "bundledPlugin_deps",
+                     "cyclonedx"]
+  outputs.file bomFile
+  outputs.upToDateWhen { false }
+}
+def bomArtifact = artifacts.add('archives', bomFile.get().asFile) {
+  type 'json'
+  classifier 'cyclonedx'
+  builtBy 'cyclonedxBom'
+}
+
  publishing {
    publications {
      mavenJava(MavenPublication) {
        artifact zip
      }
+    mavenJava(MavenPublication) {
+      artifact bomArtifact
+    }
    }
  }
diff --git a/sonar-application/bundled_plugins.gradle b/sonar-application/bundled_plugins.gradle

index 0b9c387f89ecdc18ff036c56fea8170b048f48e3..2704e429a55dec0fd7407b740d3b00419d69c092 100644 (file)
--- a/sonar-application/bundled_plugins.gradle
+++ b/sonar-application/bundled_plugins.gradle
@@ -1,19 +1,19 @@
  dependencies {    
-    bundledPlugin "org.sonarsource.dotnet:sonar-csharp-plugin@jar"
-    bundledPlugin "org.sonarsource.dotnet:sonar-vbnet-plugin@jar"
-    bundledPlugin 'org.sonarsource.flex:sonar-flex-plugin@jar'
-    bundledPlugin 'org.sonarsource.html:sonar-html-plugin@jar'
-    bundledPlugin 'org.sonarsource.java:sonar-java-plugin@jar'
-    bundledPlugin 'org.sonarsource.jacoco:sonar-jacoco-plugin@jar'
-    bundledPlugin 'org.sonarsource.javascript:sonar-javascript-plugin@jar'
-    bundledPlugin 'org.sonarsource.php:sonar-php-plugin@jar'
-    bundledPlugin 'org.sonarsource.python:sonar-python-plugin@jar'
-    bundledPlugin 'org.sonarsource.slang:sonar-go-plugin@jar'
-    bundledPlugin "org.sonarsource.kotlin:sonar-kotlin-plugin@jar"
-    bundledPlugin "org.sonarsource.slang:sonar-ruby-plugin@jar"
-    bundledPlugin "org.sonarsource.slang:sonar-scala-plugin@jar"
-    bundledPlugin 'org.sonarsource.xml:sonar-xml-plugin@jar'
-    bundledPlugin 'org.sonarsource.config:sonar-config-plugin@jar'
-    bundledPlugin 'org.sonarsource.iac:sonar-iac-plugin@jar'
-    bundledPlugin 'org.sonarsource.text:sonar-text-plugin@jar'
+    bundledPlugin "org.sonarsource.dotnet:sonar-csharp-plugin"
+    bundledPlugin "org.sonarsource.dotnet:sonar-vbnet-plugin"
+    bundledPlugin 'org.sonarsource.flex:sonar-flex-plugin'
+    bundledPlugin 'org.sonarsource.html:sonar-html-plugin'
+    bundledPlugin 'org.sonarsource.java:sonar-java-plugin'
+    bundledPlugin 'org.sonarsource.jacoco:sonar-jacoco-plugin'
+    bundledPlugin 'org.sonarsource.javascript:sonar-javascript-plugin'
+    bundledPlugin 'org.sonarsource.php:sonar-php-plugin'
+    bundledPlugin 'org.sonarsource.python:sonar-python-plugin'
+    bundledPlugin 'org.sonarsource.slang:sonar-go-plugin'
+    bundledPlugin "org.sonarsource.kotlin:sonar-kotlin-plugin"
+    bundledPlugin "org.sonarsource.slang:sonar-ruby-plugin"
+    bundledPlugin "org.sonarsource.slang:sonar-scala-plugin"
+    bundledPlugin 'org.sonarsource.xml:sonar-xml-plugin'
+    bundledPlugin 'org.sonarsource.config:sonar-config-plugin'
+    bundledPlugin 'org.sonarsource.iac:sonar-iac-plugin'
+    bundledPlugin 'org.sonarsource.text:sonar-text-plugin'
  }
author	Julien Carsique <julien.carsique@sonarsource.com>
	Mon, 11 Apr 2022 08:10:08 +0000 (10:10 +0200)
committer	sonartech <sonartech@sonarsource.com>
	Tue, 24 May 2022 20:10:14 +0000 (20:10 +0000)
build.gradle		patch \| blob \| history
gradle.properties		patch \| blob \| history
sonar-application/build.gradle		patch \| blob \| history
sonar-application/bundled_plugins.gradle		patch \| blob \| history