feat: task configuration

src/main/groovy/org/owasp/dependencycheck/gradle/extension/AdditionalCpe.groovy

@@ -4,6 +4,7 @@ import org.gradle.api.Named
 import org.gradle.api.model.ObjectFactory
 import org.gradle.api.provider.Property
 import org.gradle.api.tasks.Input
+import org.gradle.api.tasks.Internal
 import org.gradle.api.tasks.Optional
 
 import javax.inject.Inject
@@ -28,6 +29,7 @@ class AdditionalCpe implements Named {
     /**
      * Name assigned to the CPE entry during configuration.
      */
+    @Internal
     @Override
     String getName() {
         return name

src/main/groovy/org/owasp/dependencycheck/gradle/extension/AnalyzeTaskConfig.groovy

@@ -0,0 +1,106 @@
+package org.owasp.dependencycheck.gradle.extension
+
+import org.gradle.api.NamedDomainObjectContainer
+import org.gradle.api.file.ConfigurableFileCollection
+import org.gradle.api.provider.ListProperty
+import org.gradle.api.provider.Property
+import org.gradle.api.tasks.Input
+import org.gradle.api.tasks.InputFiles
+import org.gradle.api.tasks.Internal
+import org.gradle.api.tasks.Nested
+import org.gradle.api.tasks.Optional
+
+abstract class AnalyzeTaskConfig implements DependencyCheckTaskConfig {
+    /**
+     * If set to true dependency-check analysis will be skipped.
+     */
+    @Input
+    abstract Property<Boolean> getSkip()
+    /**
+     * The default artifact types that will be analyzed.
+     */
+    @Input
+    abstract ListProperty<String> getAnalyzedTypes()
+    /**
+     * The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB, ALL).
+     */
+    @Optional
+    @Input
+    abstract Property<String> getFormat()
+    /**
+     * A list of report formats to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB, ALL).
+     */
+    @Input
+    abstract ListProperty<String> getFormats()
+    /**
+     * A boolean indicating whether to scan the <i>buildEnv</i>.
+     */
+    @Input
+    abstract Property<Boolean> getScanBuildEnv()
+    /**
+     * A boolean indicating whether to scan the <i>dependencies</i>.
+     */
+    @Input
+    abstract Property<Boolean> getScanDependencies()
+    /**
+     * A list of configurations that will be scanned, all other configurations are skipped.
+     * This is mutually exclusive with the {@link #getSkipConfigurations skipConfigurations} property.
+     */
+    @Input
+    abstract ListProperty<String> getScanConfigurations()
+    /**
+     * A list of configurations that will be skipped.
+     * This is mutually exclusive with the {@link #getScanConfigurations scanConfigurations} property.
+     */
+    @Input
+    abstract ListProperty<String> getSkipConfigurations()
+    /**
+     * A list of projects that will be scanned, all other projects are skipped.
+     * The list or projects to skip must include a preceding colon: <code>scanProjects = [':app']</code>.
+     * This is mutually exclusive with the {@link #getSkipProjects skipProjects} property.
+     */
+    @Input
+    abstract ListProperty<String> getScanProjects()
+    /**
+     * A list of projects that will be skipped.
+     * The list or projects to skip must include a preceding colon: <code>skipProjects = [':sub1']</code>.
+     * This is mutually exclusive with the {@link #getScanProjects scanProjects} property.
+     */
+    @Input
+    abstract ListProperty<String> getSkipProjects()
+    /**
+     * Displays a summary of the findings.
+     */
+    @Input
+    abstract Property<Boolean> getShowSummary()
+    /**
+     * Specifies if the build should be failed if a CVSS score equal to or above a specified level is identified.
+     */
+    @Input
+    abstract Property<Number> getFailBuildOnCVSS()
+    /**
+     * Group prefixes of the modules to skip when scanning.
+     * The 'project' prefix can be used to skip all internal dependencies from multi-project build.
+     */
+    @Input
+    abstract ListProperty<String> getSkipGroups()
+    /**
+     * When set to true all dependency groups that begin with 'test' will be skipped.
+     */
+    @Input
+    abstract Property<Boolean> getSkipTestGroups()
+    /**
+     * A list of directories that will be scanned for additional dependencies.
+     */
+    @InputFiles
+    abstract ConfigurableFileCollection getScanSet()
+    /**
+     * Additional CPE to be analyzed.
+     */
+    @Nested
+    abstract NamedDomainObjectContainer<AdditionalCpe> getAdditionalCpes()
+    @Internal
+    boolean isScanSetConfigured() {
+        !scanSet.empty
+    }
+}

src/main/groovy/org/owasp/dependencycheck/gradle/extension/DependencyCheckTaskConfig.groovy

@@ -0,0 +1,20 @@
+package org.owasp.dependencycheck.gradle.extension;
+
+import org.gradle.api.provider.MapProperty;
+import org.gradle.api.provider.Property
+import org.gradle.api.tasks.Input;
+
+interface DependencyCheckTaskConfig {
+    /**
+     * Fails the build if an error occurs during the task execution.
+     */
+    @Input
+    abstract Property<Boolean> getFailOnError()
+    /**
+     * DependencyCheck Engine settings.
+     * List of supported keys: {@link org.owasp.dependencycheck.utils.Settings.KEYS}
+     * @see org.owasp.dependencycheck.utils.Settings
+     */
+    @Input
+    abstract MapProperty<String, Object> getSettings()
+}

src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy

@@ -20,6 +20,8 @@ package org.owasp.dependencycheck.gradle.tasks
 
 import com.github.packageurl.PackageURL
 import com.github.packageurl.PackageURLBuilder
+
+import org.gradle.api.Action
 import org.gradle.api.GradleException
 import org.gradle.api.Project
 import org.gradle.api.artifacts.Configuration
@@ -36,6 +38,7 @@ import org.gradle.api.attributes.Attribute
 import org.gradle.api.file.DirectoryProperty
 import org.gradle.api.model.ObjectFactory
 import org.gradle.api.tasks.Internal
+import org.gradle.api.tasks.Nested
 import org.gradle.api.tasks.OutputDirectory
 import org.gradle.api.tasks.TaskAction
 import org.gradle.maven.MavenModule
@@ -52,6 +55,7 @@ import org.owasp.dependencycheck.dependency.Vulnerability
 import org.owasp.dependencycheck.dependency.naming.CpeIdentifier
 import org.owasp.dependencycheck.exception.ExceptionCollection
 import org.owasp.dependencycheck.exception.ReportException
+import org.owasp.dependencycheck.gradle.extension.AnalyzeTaskConfig
 import org.owasp.dependencycheck.gradle.service.SlackNotificationSenderService
 import org.owasp.dependencycheck.utils.Checksum
 import org.owasp.dependencycheck.utils.SeverityUtil
@@ -89,7 +93,34 @@ abstract class AbstractAnalyze extends ConfiguredTask {
 
     @Inject
     AbstractAnalyze(ObjectFactory objects) {
-        outputDir = objects.directoryProperty().convention(config.outputDirectory)
+        super(AnalyzeTaskConfig)
+        config.skip.set(extension.skip)
+        config.analyzedTypes.set(extension.analyzedTypes)
+        config.format.set(extension.format)
+        config.formats.set(extension.formats)
+        config.scanBuildEnv.set(extension.scanBuildEnv)
+        config.scanDependencies.set(extension.scanDependencies)
+        config.scanConfigurations.set(extension.scanConfigurations)
+        config.skipConfigurations.set(extension.skipConfigurations)
+        config.scanProjects.set(extension.scanProjects)
+        config.skipProjects.set(extension.skipProjects)
+        config.showSummary.set(extension.showSummary)
+        config.failBuildOnCVSS.set(extension.failBuildOnCVSS)
+        config.skipGroups.set(extension.skipGroups)
+        config.skipTestGroups.set(extension.skipTestGroups)
+        config.scanSet.from(extension.scanSet)
+        config.additionalCpes.addAll(extension.additionalCpes)
+        outputDir = objects.directoryProperty().convention(extension.outputDirectory)
+    }
+
+    @Nested
+    @Override
+    AnalyzeTaskConfig getConfig() {
+        (AnalyzeTaskConfig) super.config
+    }
+
+    def config(Action<? super AnalyzeTaskConfig> action) {
+        action.execute(config)
     }
 
     /**