jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

Example/documentation for adding database driver in Gradle #6364

Open sergeykad opened 8 months ago

sergeykad commented 8 months ago

I found the example for configuring DB driver dependency for Maven, but is there a similar explanation for Gradle?

I suppose I can add it to the buildscript block, but I think this approach is discouraged in the latest Gradle versions. Maybe there is a separate configuration available that allows specifying it like the following?

dependencies {
    dependencyCheck 'org.postgresql:postgresql:42.7.1'
}

The main issue with using buildscript block AFAIK is that dependencies can leak into the project being built or other plugins.

jeremylong commented 8 months ago

At the moment - the buildScript is the only option. We need to implement a new configuration for "plugins" and dependencies for dependency-check.

For future implementation ideas:

ssi-ips commented 6 months ago

With the increasing problems of the NVD API in the last weeks I think more people will start to adopt the central DB approach to decouple the analysis and update steps and run into the same problem.

It would be nice to give this some priority as adding dependencies to the buildScript block has some major drawbacks.
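For reference, here is what the buildscript-based setup jeremylong describes looks like when combined with the central database approach ssi-ips mentions. This is an added illustration, not code from the issue or from the dependency-check project; the plugin version, the JDBC URL, the environment variable names and the hostname are placeholders or assumptions.

```groovy
// build.gradle (Groovy DSL)
// The JDBC driver has to sit on the buildscript classpath because the
// dependency-check plugin loads it from there. This is the drawback the
// thread discusses: anything on this classpath is visible to every plugin.
buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath 'org.owasp:dependency-check-gradle:<PLUGIN_VERSION>' // placeholder version
        classpath 'org.postgresql:postgresql:42.7.1'                   // driver from the question
    }
}

apply plugin: 'org.owasp.dependencycheck'

dependencyCheck {
    // Analysis-only node: a separate scheduled job refreshes the shared
    // database, so this build never talks to the NVD API itself.
    autoUpdate = false

    data {
        driver = 'org.postgresql.Driver'
        // Assumed internal hostname; keep the database off the public network.
        connectionString = 'jdbc:postgresql://dc-db.internal.example:5432/dependencycheck'
        // Read-only account; credentials come from the CI environment, not the build file.
        username = System.getenv('DC_DB_USER')     // assumed variable name
        password = System.getenv('DC_DB_PASSWORD') // assumed variable name
    }
}
```

Because the driver is shared by all build plugins, pin its version explicitly and review it like any other build-time dependency.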