Add CLI options for gemnasium-maven when scanning gradle and sbt projects
Problem to solve
gemnasium-maven
doesn't allow users to specify cli options when scanning gradle and sbt repositories. This prevents users from doing things like dependency scanning projects which have private repos because there is no way to specify login credentials for these repos.
Intended users
Proposal
Add new analyzer variables which will let users specify cli options for gradle and sbt.
Implementation plan
-
add GRADLE_CLI_OPTS
andSBT_CLI_OPTS
togemnasium-maven
which are passed to their respective dependency scanning commands -
create branches in test projects to use these vars -
update the dependency scanning template to use the new vars
Documentation
-
add an entry to the dependency scanning documentation for these variables with an explanation on how to use them.
Availability & Testing
-
update the java-gradle test project with a branch requiring project variables to build/install dependencies (e.g. a dependency version that comes from a cli variable) and ensure that the new functionality passes -
update the scala-sbt test project with a branch requiring project variables to build/install dependencies (e.g. a dependency version that comes from a cli variable) and ensure that the new functionality passes
What does success look like, and how can we measure that?
-
we can run gemnasium-maven
against a {gradle,sbt} project that requires project properties to fetch dependencies
What is the type of buyer?
Links / references
Edited by Igor Frenkel