sonatype-nexus-community / scan-gradle-plugin

Gradle plugin that scans the dependencies of a Gradle project using Sonatype platforms: OSS Index and Nexus IQ Server.
Apache License 2.0

#155 add failOnDetection plugin configuration #158

Closed sgilhooly closed 6 months ago

sgilhooly commented 6 months ago

This adds a failOnDetection setting to the OssIndexAudit extension.

This pull request makes the following changes:

The default value, false, has no effect on the existing behavior. But if set to true, the OssIndexAudit task will not fail when vulnerabilities are detected. This allows builds to generate a report as part of a larger pipeline and decide for themselves what to do with the findings.

The change is pretty small and simple. Maybe too simple. It doesn't touch anything with the Nexus IQ -- I'm not sure if that is needed or not.

It relates to the following issue #s:

cc @bhamail / @DarthHater / @guillermo-varela / @shaikhu

guillermo-varela commented 6 months ago

Thank you so much for your contribution @sgilhooly!

This will be available in the next version.

guillermo-varela commented 6 months ago

The change is pretty small and simple. Maybe too simple. It doesn't touch anything with the Nexus IQ -- I'm not sure if that is needed or not.

Don't worry about that, no need to alter how it works with Nexus IQ as that task has its own logic.