From: Julien Carsique
Date: Mon, 11 Apr 2022 08:10:08 +0000 (+0200)
Subject: feat(BUILD-1436): sbom plugin
X-Git-Tag: 9.5.0.56709~102
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=251e1fa5c7bb38ce93dc426ae2e395d44819f721;p=sonarqube.git
feat(BUILD-1436): sbom plugin
---
diff --git a/build.gradle b/build.gradle
index ea393533d46..1161a3759b4 100644
--- a/build.gradle
+++ b/build.gradle
@@ -10,6 +10,7 @@ plugins {
 id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 id 'org.sonarqube' version '3.3'
 id "de.undercouch.download" version "5.0.1" apply false
+ id "org.cyclonedx.bom" version "1.5.0" apply false
 }
 if (!JavaVersion.current().java11Compatible) {
diff --git a/gradle.properties b/gradle.properties
index 33aa14f9409..3fe09e79aba 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -13,3 +13,5 @@ elasticsearchDownloadUrlPath=https://artifacts.elastic.co/downloads/elasticsearc
 elasticsearchDownloadRepoxUrlPath=https://repox.jfrog.io/artifactory/sonarsource-bucket/sonarqube/elasticsearch/
 elasticsearchDownloadUrlFile=elasticsearch-7.17.1-no-jdk-linux-x86_64.tar.gz
 elasticsearchDownloadSha512=3f572eed0d0a9140f843dcc07911c32a10bb76c4e2c2a4c904ba3279e0401c58fe0f7c7776a7347fec3acd5dbebf3c9f1888f59e782c3a46c76f038e82d53f7c
+
+projectType=application
diff --git a/sonar-application/build.gradle b/sonar-application/build.gradle
index 6c33d0cb04a..d6316dfa401 100644
--- a/sonar-application/build.gradle
+++ b/sonar-application/build.gradle
@@ -6,6 +6,7 @@ plugins {
 id "com.github.hierynomus.license-report"
 id "com.github.johnrengelman.shadow"
 id "de.undercouch.download"
+ id "org.cyclonedx.bom"
 }
 sonarqube {
@@ -32,8 +33,12 @@ configurations {
 bundledPlugin {
 transitive = false
 }
-
+ bundledPlugin_deps {
+ extendsFrom bundledPlugin
+ transitive = true
+ }
 appLicenses.extendsFrom(compile, web, scanner, jsw, jdbc_mssql, jdbc_postgresql, jdbc_h2)
+ cyclonedx
 }
 jar.enabled = false
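Review bot: `projectType=application` is added to gradle.properties with no consumer visible in this commit, so a maintainer cannot tell what reads it or which values are valid. A comment above it naming the reader would help, e.g. `# component type recorded in the generated CycloneDX SBOM (read by the cyclonedxBom task)`. If the CycloneDX task's `projectType` setting is the intended reader, it is worth confirming that plugin version 1.5.0 actually picks the value up from a Gradle project property rather than requiring `projectType = ...` inside the `cyclonedxBom` block; otherwise the BOM will silently keep the plugin's default type.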
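Review bot: `bundledPlugin_deps` and `cyclonedx` are added to `configurations` without a comment saying why a transitive twin of the non-transitive `bundledPlugin` exists, so the `transitive = true` right under `transitive = false` reads like a mistake. Suggest `// transitive view of bundledPlugin, used only as CycloneDX BOM input (see cyclonedxBom.includeConfigs); packaging still resolves bundledPlugin non-transitively` on the new block and `// resolvable input for the BOM task only` on `cyclonedx`. The consequence worth a deliberate decision is that the SBOM will list the plugins' POM-declared dependencies, which `bundledPlugin` itself never resolves; whether those components are really present in the shipped distribution (for example shaded into the plugin jars) cannot be verified from this diff, and an SBOM that over- or under-reports what ships undermines its purpose for vulnerability matching.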
@@ -63,6 +68,7 @@ dependencies {
 jsw 'tanukisoft:wrapper:3.2.3'
 scanner project(path: ':sonar-scanner-engine-shaded', configuration: 'shadow')
+ cyclonedx project(path: ':sonar-scanner-engine-shaded')
 web project(':server:sonar-web')
 shutdowner project(':sonar-shutdowner')
@@ -307,10 +313,26 @@ artifacts {
 zip zip
 }
 artifactoryPublish.skip = false
+def bomFile = layout.buildDirectory.file('reports/bom.json')
+cyclonedxBom {
+ includeConfigs += ["runtimeClasspath", "jsw", "web", "shutdowner", "jdbc_mssql", "jdbc_postgresql", "jdbc_h2", "bundledPlugin_deps",
+ "cyclonedx"]
+ outputs.file bomFile
+ outputs.upToDateWhen { false }
+}
+def bomArtifact = artifacts.add('archives', bomFile.get().asFile) {
+ type 'json'
+ classifier 'cyclonedx'
+ builtBy 'cyclonedxBom'
+}
+
 publishing {
 publications {
 mavenJava(MavenPublication) {
 artifact zip
 }
+ mavenJava(MavenPublication) {
+ artifact bomArtifact
+ }
 }
 }
diff --git a/sonar-application/bundled_plugins.gradle b/sonar-application/bundled_plugins.gradle
index 0b9c387f89e..2704e429a55 100644
--- a/sonar-application/bundled_plugins.gradle
+++ b/sonar-application/bundled_plugins.gradle
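Review bot: `publishing.publications` now declares `mavenJava(MavenPublication)` twice, once with `artifact zip` and once with `artifact bomArtifact`; whether the second block configures the existing publication or attempts to create a second one with the same name depends on Gradle's container DSL, so folding the new line into the first block (`mavenJava(MavenPublication) { artifact zip; artifact bomArtifact }`) removes the ambiguity and reads as the single publication it is meant to be. `outputs.file bomFile` only declares an output on the task; nothing in the `cyclonedxBom` block tells the plugin to write to `reports/bom.json`, so the published artifact relies on the plugin's default destination and file name happening to match, and setting them explicitly in the block (or deriving `bomFile` from the task's own output property) would keep the artifact tied to what the task produces. `outputs.upToDateWhen { false }` forces regeneration on every build, which seems intentional for an SBOM but deserves a one-line comment such as `// always regenerate: the BOM must reflect the dependencies of this exact build` so it is not "fixed" later.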
@@ -1,19 +1,19 @@
 dependencies {
- bundledPlugin "org.sonarsource.dotnet:sonar-csharp-plugin@jar"
- bundledPlugin "org.sonarsource.dotnet:sonar-vbnet-plugin@jar"
- bundledPlugin 'org.sonarsource.flex:sonar-flex-plugin@jar'
- bundledPlugin 'org.sonarsource.html:sonar-html-plugin@jar'
- bundledPlugin 'org.sonarsource.java:sonar-java-plugin@jar'
- bundledPlugin 'org.sonarsource.jacoco:sonar-jacoco-plugin@jar'
- bundledPlugin 'org.sonarsource.javascript:sonar-javascript-plugin@jar'
- bundledPlugin 'org.sonarsource.php:sonar-php-plugin@jar'
- bundledPlugin 'org.sonarsource.python:sonar-python-plugin@jar'
- bundledPlugin 'org.sonarsource.slang:sonar-go-plugin@jar'
- bundledPlugin "org.sonarsource.kotlin:sonar-kotlin-plugin@jar"
- bundledPlugin "org.sonarsource.slang:sonar-ruby-plugin@jar"
- bundledPlugin "org.sonarsource.slang:sonar-scala-plugin@jar"
- bundledPlugin 'org.sonarsource.xml:sonar-xml-plugin@jar'
- bundledPlugin 'org.sonarsource.config:sonar-config-plugin@jar'
- bundledPlugin 'org.sonarsource.iac:sonar-iac-plugin@jar'
- bundledPlugin 'org.sonarsource.text:sonar-text-plugin@jar'
+ bundledPlugin "org.sonarsource.dotnet:sonar-csharp-plugin"
+ bundledPlugin "org.sonarsource.dotnet:sonar-vbnet-plugin"
+ bundledPlugin 'org.sonarsource.flex:sonar-flex-plugin'
+ bundledPlugin 'org.sonarsource.html:sonar-html-plugin'
+ bundledPlugin 'org.sonarsource.java:sonar-java-plugin'
+ bundledPlugin 'org.sonarsource.jacoco:sonar-jacoco-plugin'
+ bundledPlugin 'org.sonarsource.javascript:sonar-javascript-plugin'
+ bundledPlugin 'org.sonarsource.php:sonar-php-plugin'
+ bundledPlugin 'org.sonarsource.python:sonar-python-plugin'
+ bundledPlugin 'org.sonarsource.slang:sonar-go-plugin'
+ bundledPlugin "org.sonarsource.kotlin:sonar-kotlin-plugin"
+ bundledPlugin "org.sonarsource.slang:sonar-ruby-plugin"
+ bundledPlugin "org.sonarsource.slang:sonar-scala-plugin"
+ bundledPlugin 'org.sonarsource.xml:sonar-xml-plugin'
+ bundledPlugin 'org.sonarsource.config:sonar-config-plugin'
+ bundledPlugin 'org.sonarsource.iac:sonar-iac-plugin'
+ bundledPlugin 'org.sonarsource.text:sonar-text-plugin'
 }
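Review bot: Dropping the `@jar` suffix changes how every bundled plugin is resolved, not only whether its transitive dependencies become visible: `@jar` asked for the jar artifact directly, whereas the plain coordinate now goes through the POM's declared packaging, so if any of these plugins publishes with a packaging other than `jar` the artifact selected for `bundledPlugin` — and therefore what lands in the distribution zip — could differ, which is worth confirming against the built zip before and after this change. The reason for the change is also not recorded in the file, and since `bundledPlugin` itself stays `transitive = false` in sonar-application/build.gradle a reader has no way to see why the suffix went away and may reintroduce it. Suggest a comment at the top of the block: `// no @jar suffix: bundledPlugin_deps extends this configuration transitively to feed the CycloneDX BOM, and the artifact-only notation would hide the plugins' POM dependencies`.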