How to configure dependencyCheckAnalyze differently than dependencyCheckAggregate?
vidgeus opened this issue
Docs seem to suggest that both tasks dependencyCheckAnalyze and dependencyCheckAggregate are configured using dependencyCheck, see Example section: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/configuration-aggregate.html
But I want to configure them independently, from the root build.gradle file. I have this code:
allprojects {
    apply plugin: 'org.owasp.dependencycheck'
    dependencyCheck {
        autoUpdate=true
        format='ALL'
        suppressionFiles = ['my_file.xml']
    }
}
What it does: when I run the dependencyCheckAnalyze task from the root project, it generates reports in the build folder of each module separately. But I want a single report with vulnerabilities from all modules, so I run dependencyCheckAggregate, but it runs forever.
So I changed the code by removing the allprojects part:
apply plugin: 'org.owasp.dependencycheck'
dependencyCheck {
    autoUpdate=true
    format='ALL'
    suppressionFiles = ['my_file.xml']
}
Works well for the dependencyCheckAggregate but the task dependencyCheckAnalyze does not exist in sub-modules now, so running that task now only scans the root project, not any of the sub-modules.
What I need: configuration that will make dependencyCheckAggregate behave like in 2nd example and dependencyCheckAnalyze like in 1st example. How can I achieve that by touching only the root build.gradle file?