fossas / fossa-cli

Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.
https://fossa.com

Gradle reachability #1377

Closed meghfossa closed 8 months ago

meghfossa commented 8 months ago

## Overview

This PR,

## Acceptance criteria

## Testing plan

    git checkout feat/reachability-in-cli-gradle && make install-dev

1. get example project: https://docs.gradle.org/current/samples/sample_building_java_applications_multi_project.html

       ./gradlew build
       fossa-dev analyze -o --debug

       gunzip fossa.debug.json.gz
       cat fossa.debug.json | jq '.bundleReachabilityRaw' # you should see parsed jars

## Risks

N/A

## Metrics

N/A

## References

https://fossa.atlassian.net/browse/ANE-1413

## Checklist

- [x] I added tests for this PR's change (or explained in the PR description why tests don't make sense).
- [x] If this PR introduced a user-visible change, I added documentation into `docs/`.
- [x] If this PR added docs, I added links as appropriate to the user manual's ToC in `docs/README.ms` and gave consideration to how discoverable or not my documentation is.
- [x] If this change is externally visible, I updated `Changelog.md`. If this PR did not mark a release, I added my changes into an `# Unreleased` section at the top.
- [x] If I made changes to `.fossa.yml` or `fossa-deps.{json.yml}`, I updated `docs/references/files/*.schema.json` AND I have updated example files used by `fossa init` command. You may also need to update these if you have added/removed new dependency type (e.g. `pip`) or analysis target type (e.g. `poetry`).
- [x] If I made changes to a subcommand's options, I updated `docs/references/subcommands/<subcommand>.md`.