Uses gradle-dependency-checker to identify CVE vulnerabilities in Gradle files.

Before using this step, you must set up dependency-check-gradle in your project, because Gradle does not allow adding a dependency on the fly.

Example for a React Native / Android project:

    buildscript {
        (...)
        dependencies {
            classpath 'org.owasp:dependency-check-gradle:6.1.6'
        }
    }
    allprojects {
        apply plugin: 'org.owasp.dependencycheck'
        dependencyCheck {
            format = 'HTML'
            failBuildOnCVSS = 7
            outputDirectory = System.env.BITRISE_DEPLOY_DIR
        }
    }

⚠️ The outputDirectory field with path System.env.BITRISE_DEPLOY_DIR is mandatory for this step.

ℹ️ You can set skipConfigurations to exclude the configurations you list from the check:

    allprojects {
        apply plugin: 'org.owasp.dependencycheck'
        dependencyCheck {
            format = 'HTML'
            failBuildOnCVSS = 7
            outputDirectory = System.env.BITRISE_DEPLOY_DIR
            skipConfigurations += 'lintClassPath'
        }
    }
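
A preflight check for the settings described above can run before this step, so a missing outputDirectory is caught before the scan starts. This is an added example, not code from this repository; the function names are hypothetical and the sample build file is constructed.

```shell
# Added example, not part of this step; function names are hypothetical.

# dc_require REGEX NAME: count NAME as missing unless REGEX matches $dc_src.
dc_require() {
  if ! printf '%s\n' "$dc_src" | grep -Eq "$1"; then
    echo "missing: $2" >&2
    dc_missing=$((dc_missing + 1))
  fi
}

# Returns 0 if the build file has every setting the step needs, 1 if one is
# missing, 2 if the file cannot be read.
check_dependency_check_config() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
  dc_missing=0
  # Drop // comments (at line start or after whitespace) so a commented-out
  # setting does not count as configured. Block comments are not handled.
  dc_src="$(sed -E 's#(^|[[:space:]])//.*$##' "$1")"
  dc_require "classpath[[:space:]]+['\"]org\.owasp:dependency-check-gradle:" \
    "classpath 'org.owasp:dependency-check-gradle:<version>'"
  dc_require "apply[[:space:]]+plugin:[[:space:]]*['\"]org\.owasp\.dependencycheck['\"]" \
    "apply plugin: 'org.owasp.dependencycheck'"
  dc_require "outputDirectory[[:space:]]*=[[:space:]]*System\.env\.BITRISE_DEPLOY_DIR" \
    "outputDirectory = System.env.BITRISE_DEPLOY_DIR"
  # Not mandatory for the step, so only warn when no threshold is configured.
  printf '%s\n' "$dc_src" | grep -Eq 'failBuildOnCVSS[[:space:]]*=' ||
    echo "warning: failBuildOnCVSS is not set" >&2
  [ "$dc_missing" -eq 0 ]
}

# Constructed sample: plugin applied, but outputDirectory is commented out.
dc_demo() {
  dc_tmp="$(mktemp)"
  cat > "$dc_tmp" <<'EOF'
buildscript { dependencies { classpath 'org.owasp:dependency-check-gradle:6.1.6' } }
allprojects {
    apply plugin: 'org.owasp.dependencycheck'
    dependencyCheck {
        failBuildOnCVSS = 7
        // outputDirectory = System.env.BITRISE_DEPLOY_DIR
    }
}
EOF
  check_dependency_check_config "$dc_tmp"; dc_rc=$?
  rm -f "$dc_tmp"; return "$dc_rc"
}

dc_demo || echo "build file is not ready for this step"
```
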

Can be run directly with the bitrise CLI, just git clone this repository, cd into its folder in your Terminal/Command Line and call bitrise run test.

Check the bitrise.yml file for required inputs which have to be added to your .bitrise.secrets.yml file!

Step by step:

- git clone the repository
- cd into the directory of the step (the one you just git cloned)
- Create a .bitrise.secrets.yml file in the same directory of bitrise.yml (the .bitrise.secrets.yml is a git ignored file, you can store your secrets in it)
- Check the bitrise.yml file for any secret you should set in .bitrise.secrets.yml
  - # define these in your .bitrise.secrets.yml, in the app:envs section.
- .bitrise.secrets.yml you can just run this step with the bitrise CLI: bitrise run test

An example .bitrise.secrets.yml file:

    envs:
    - A_SECRET_PARAM_ONE: the value for secret one
    - A_SECRET_PARAM_TWO: the value for secret two

- step.sh with your functionality
- step.yml (inputs section)
- step.yml too
- bitrise.yml
- bitrise run test - if it works, you're ready

For Step development guidelines & best practices check this documentation: https://github.com/bitrise-io/bitrise/blob/master/_docs/step-development-guideline.md.

NOTE:

If you want to use your step in your project's bitrise.yml:

- bitrise.yml with the git::PUBLIC-GIT-CLONE-URL@BRANCH step reference style:

    - git::https://github.com/user/my-step.git@branch:
        title: My step
        inputs:
        - my_input_1: "my value 1"
        - my_input_2: "my value 2"

You can find more examples of step reference styles in the bitrise CLI repository.

- git clone it
- bitrise project, either on your Mac or on bitrise.io
- bitrise.yml with either a relative path, or with a git URL format
  - "- original-step-id:" use "- path::./relative/path/of/script/on/your/Mac:"
  - "- original-step-id:" use "- git::https://github.com/user/step.git@branch:"

You can share your Step or step version with the bitrise CLI. If you use the bitrise.yml included in this repository, all you have to do is:

- cd into this directory (where the bitrise.yml of the step is located)
- bitrise run test to test the step
- bitrise run audit-this-step to audit the step.yml
- share-this-step workflow in the bitrise.yml, and fill out the envs if you haven't done so already (don't forget to bump the version number if this is an update of your step!)
- bitrise run share-this-step to share the step (version) you specified in the envs
- bitrise run share-this-step

That's all ;)