Adding Kotlin syntax (#106)

README.md

@@ -54,9 +54,17 @@ Gradle can be used to build projects developed in various programming languages.
 ## How to Use
 - Create/Clone/Download any Gradle project.
 - Edit its `build.gradle` file adding this:
+
+```
+plugins {
+  id 'org.sonatype.gradle.plugins.scan' version '2.2.2' // Update the version as needed
+}
+```
+
+- Or `build.gradle.kts`:
 ```
 plugins {
-  id 'org.sonatype.gradle.plugins.scan' version '2.2.0' // Update the version as needed
+    id ("org.sonatype.gradle.plugins.scan") version "2.2.2" // Update the version as needed
 }
 ```
 
@@ -68,7 +76,9 @@ After doing so, specific usage on CI tools can be found at https://github.com/gu
 OSS Index can be used without any extra configuration, but to avoid reaching the limit for anonymous queries every user
 is encouraged to create a free account on [OSS Index](https://ossindex.sonatype.org/user/signin) and use the credentials
 on this plugin. Cache can also be configured optionally.
-```
+
+If you are using Groovy (build.gradle file):
+```groovy
 ossIndexAudit {
     username = 'email' // if not provided, an anonymous query will be made
     password = 'pass'
@@ -93,12 +103,48 @@ ossIndexAudit {
     excludeCoordinates = ['commons-fileupload:commons-fileupload:1.3'] // list containing coordinate of components which if vulnerable should be ignored
 }
 ```
+
+Or if you are using Kotlin (build.gradle.kts file):
+```kotlin
+ossIndexAudit {
+    username = "email" // if not provided, an anonymous query will be made
+    password = "pass"
+    isAllConfigurations =
+        false // if true includes the dependencies in all resolvable configurations. By default is false, meaning only "compileClasspath", "runtimeClasspath", "releaseCompileClasspath" and "releaseRuntimeClasspath" are considered
+    isUseCache = true // true by default
+    cacheDirectory = "some/path" // by default it uses the user data directory (according to OS)
+    cacheExpiration =
+        "PT12H" // 12 hours if omitted. It must follow the Joda Time specification at https://www.javadoc.io/doc/joda-time/joda-time/2.10.4/org/joda/time/Duration.html#parse-java.lang.String-
+    isColorEnabled = false // if true prints vulnerability description in color. By default is true.
+    isDependencyGraph =
+        false // if true prints dependency graph showing direct/transitive dependencies. By default is false.
+    proxyConfiguration { // extra configuration when running behind a proxy without direct internet access
+        protocol = "http" // can be "http" (default) or "https"
+        host = "proxy-host" // hostname for the proxy
+        port = 8080 // port for the proxy
+        authConfiguration.username = "username" // username for the proxy (if credentials are required)
+        authConfiguration.password = "password" // password for the proxy (if credentials are required)
+    }
+    isShowAll =
+        false // if true prints all dependencies. By default is false, meaning only dependencies with vulnerabilities will be printed.
+    isPrintBanner = true // if true will print ASCII text banner. By default is true.
+
+    // ossIndexAudit can be configured to exclude vulnerabilities from matching
+    excludeVulnerabilityIds =
+        listOf("39d74cc8-457a-4e57-89ef-a258420138c5") // list containing ids of vulnerabilities to be ignored
+    excludeCoordinates =
+        listOf("commons-fileupload:commons-fileupload:1.3") // list containing coordinate of components which if vulnerable should be ignored
+}
+```
+
 - Open Terminal on the project's root and run `./gradlew ossIndexAudit`
 - You should see the audit result on Terminal.
 
 ### Nexus IQ Server Scan and Evaluate
 - Start a local instance of IQ Server, or get the URL and credentials of a remote one.
 - Configure IQ Server settings inside the `nexusIQScan` configuration on the file `build.gradle` e.g.
+
+Groovy:
 ```
 nexusIQScan {
     username = 'admin' // Make sure to use an user with the role 'Application Evaluator' in the given IQ Server application
@@ -114,22 +160,46 @@ nexusIQScan {
     dirIncludes = 'some-ant-pattern' // Optional. Comma separated ant-like glob patterns to select directories/archives that should be examined
 }
 ```
+
+Kotlin:
+```
+nexusIQScan {
+    username = "admin" // Make sure to use an user with the role "Application Evaluator" in the given IQ Server application
+    password = "pass"
+    serverUrl = "http://localhost:8070"
+    applicationId = "app"
+    organizationId = "orgId" // Optional. If provided, a validation will be done to check if the given application ID exists under the organization ID (please note this is different than the organization name). If the application doesn"t exists, then it will be created under the organization.
+    stage = "build" // build is used if omitted
+    isAllConfigurations = false // if true includes the dependencies in all resolvable configurations. By default is false, meaning only "compileClasspath", "runtimeClasspath", "releaseCompileClasspath" and "releaseRuntimeClasspath" are considered
+    resultFilePath = "results.json" // Optional. JSON file containing results of the evaluation
+    modulesExcluded = listOf("module-1", "module-2") // Optional. For multi-module projects, the names of the sub-modules to exclude from scanning and evaluation.
+    dirExcludes = "some-ant-pattern" // Optional. Comma separated ant-like glob patterns to select directories/archives that should be excluded. For Android projects we suggest using "**/classes.jar,**/annotations.zip,**/lint.jar,**/internal_impl-*.jar"
+    dirIncludes = "some-ant-pattern" // Optional. Comma separated ant-like glob patterns to select directories/archives that should be examined
+}
+```
+
 - Open Terminal on the project's root and run `./gradlew nexusIQScan`
 - You should see the scan report URL report on Terminal.
 
 ### Nexus IQ Index
-Allows you to save information about the dependencies of a project into module information (module.xml) files that Sonatype CI tools can use to include these dependencies in a scan.
+Allows you to save information about the dependencies of a project into module information (module.xml) files that Sonatype CI tools can use to include these dependencies in a scan. Groovy:
 ```
 nexusIQIndex {
      modulesExcluded = ['module-1', 'module-2'] // Optional. For multi-module projects, the names of the sub-modules to exclude from indexing.
 }
 ```
 
+Kotlin:
+```
+nexusIQIndex {
+     modulesExcluded = listOf("module-1", "module-2") // Optional. For multi-module projects, the names of the sub-modules to exclude from indexing.
+}
+```
+
 ### Sensitive Data
 Sometimes it's not desirable to keep sensitive data stored on `build.gradle`. For such cases it's possible to use project properties (-P arguments) or system properties (-D arguments or injected from a tool) from command line or environment variables when running the `nexusIQScan` or `ossIndexAudit` tasks.
 
-Here is an example using project properties for the credentials:
-
+Here is an example using project properties for the credentials, Groovy
 ```
 nexusIQScan {
     username = project['username']
@@ -144,6 +214,22 @@ ossIndexAudit {
 }
 ```
 
+Kotlin:
+
+```
+nexusIQScan {
+    username = project["username"]
+    password = project["password"]
+    serverUrl = "http://localhost:8070"
+    applicationId = "app"
+}
+
+ossIndexAudit {
+    username = project["username"]
+    password = project["password"]
+}
+```
+
 On command line:
 ```
 ./gradlew nexusIQScan -Pusername=admin -Ppassword=pass
@@ -155,7 +241,7 @@ On command line:
 
 Each property name can be set as needed.
 
-Here is an example using system properties for the credentials:
+Here is an example using system properties for the credentials (Groovy):
 
 ```
 nexusIQScan {
@@ -173,7 +259,7 @@ ossIndexAudit {
 
 As mentioned above the values can be set on command line using -D arguments or injected via a tool (CI/CD for instance).
 
-Finally this is how environment variables can be used (usually values are injected from the local environment or by a CI tool):
+Finally this is how environment variables can be used (usually values are injected from the local environment or by a CI tool, Groovy):
 ```
 nexusIQScan {
     username = System.getenv('username')
@@ -188,6 +274,21 @@ ossIndexAudit {
 }
 ```
 
+Kotlin version:
+```
+nexusIQScan {
+    username = System.getenv("username")
+    password = System.getenv("password")
+    serverUrl = "http://localhost:8070"
+    applicationId = "app"
+}
+
+ossIndexAudit {
+    username = System.getenv("username")
+    password = System.getenv("password")
+}
+```
+
 ### Multi-module projects
 Just apply the plugin on the root project and all sub-modules will be processed and the output will be a single report
 with all components found in each module. This includes Android projects.