Releases: sonatype-nexus-community/scan-gradle-plugin

Release v3.0.0

13 Dec 17:31
2e8c08b

First and foremost, please note that using this plugin now requires explicitly setting the "Info" log level:
https://github.com/sonatype-nexus-community/scan-gradle-plugin?tab=readme-ov-file#how-to-use

This is a big milestone version: to keep this plugin up to date with new updates and improvements to the Lifecycle integration, the Java version has been bumped up to 11.

Alongside the Java version, the Gradle version was also updated.

Given all that, projects using a Gradle version lower than 8.3 should take a look at the updated compatibility list in the README:
https://github.com/sonatype-nexus-community/scan-gradle-plugin?tab=readme-ov-file#compatibility

Also, the plugin JAR file is smaller now that it no longer bundles shadowed dependencies, so its dependencies are managed like those of any other plugin.

Changelog

2e8c08b Try using .vars and rename for jreleaser (#184)
00c89b4 Make the plugin available at the Gradle plugins portal
7cd4fd4 Add values to all POM files generated
906c9d9 Fix Env Variables (#182)
b26817a BNR-1226-Jreleaser (#181)
3d1c858 Added Jreleaser (#174)
97bc24e chore(ci): update CI workflow
4478c81 Sherlock Trunks - Version 3 (#171)
36be381 CI build using GitHub Actions. (#169)
d1d2642 update local circleci notes to work with latest circleci (#168)
ba449a4 Bump up to 2.8.4-SNAPSHOT
a835973 Restore publishing to Gradle plugins portal
0b1f008 Bump up to 2.8.3
4ee87d8 Temporary skips publishing to Gradle plugins portal
07cbd8b Check if a child dependency was already included as compileOnly (#162)
52c210a [skip ci] [Gradle Release Plugin] - new version commit: '2.8.3-SNAPSHOT'.
caeab95 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.8.2'.
1c8df57 Bump up dependencies versions
178a543 Update README.md
1a70918 #155 add failOnDetection plugin configuration to generate OSS Index report without failing build (#158)
c001c02 Update README.md
78e32ad [skip ci] [Gradle Release Plugin] - new version commit: '2.8.2-SNAPSHOT'.
7c45ea2 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.8.1'.
e96e241 Upgrade to safe version of JGit (#157)
6aaf851 [skip ci] [Gradle Release Plugin] - new version commit: '2.8.1-SNAPSHOT'.
2013d95 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.8.0'.
3d55724 New configuration to exclude compileOnly dependencies (#156)
b0d8252 [skip ci] [Gradle Release Plugin] - new version commit: '2.7.1-SNAPSHOT'.
038a633 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.7.0'.
edb4449 #139 Allows to set additional scan targets for IQ evaluations (#150)
a3c4d21 [skip ci] [Gradle Release Plugin] - new version commit: '2.6.3-SNAPSHOT'.
dd3a22c [skip ci] [Gradle Release Plugin] - pre tag commit: '2.6.2'.
5b4fef3 #148 Uses the Legacy Violations text in log output (#149)
c6460e7 Update first-interaction.yml
4a6b446 Update first-interaction.yml
9684c8c Update gradle.properties
9a016cf Delete .muse.toml
9a0c803 #140 Set this tasks as Not Compatible with configuration cache (#142)
8b2e19f Update gradle.properties
a20ec95 Update README.md
2bc22f1 Update CVSS Threshold limit (#138)
65fd125 [skip ci] [Gradle Release Plugin] - new version commit: '2.5.6-SNAPSHOT'.
5d8e9c8 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.5.5'.
bb040b4 Allow to set attributes to match a variant after a conflict (#136)
23f48e5 Update first-interaction.yml
edfb7cd Upgrade first-interaction to v1.1.1
aae0e56 [skip ci] [Gradle Release Plugin] - new version commit: '2.5.5-SNAPSHOT'.
eaff3bc [skip ci] [Gradle Release Plugin] - pre tag commit: '2.5.4'.
119858e Update README.md
e2ba991 #128 Improves handling of project dependencies with variants (#132)
3fbaa75 [skip ci] [Gradle Release Plugin] - new version commit: '2.5.4-SNAPSHOT'.
8e9395f [skip ci] [Gradle Release Plugin] - pre tag commit: '2.5.3'.
7ceb99a Update README.md
7a5dd18 Add parent ID to module xml (#129)
6ed2464 [skip ci] [Gradle Release Plugin] - new version commit: '2.5.3-SNAPSHOT'.
17f2bb7 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.5.2'.
b29bd08 #124 Creates applications under organizations using the new nexus-platform-api method (#130)
0734829 [skip ci] version bump
757c925 [skip ci] [Gradle Release Plugin] - new version commit: '2.5.2-SNAPSHOT'.
cbddd58 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.5.1'.
677bf2d #126 Improves the error message when it's related to IQ API calls. (#127)
8b3a9c9 [skip ci] [Gradle Release Plugin] - new version commit: '2.5.1-SNAPSHOT'.
5e718b6 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.5.0'.
322e2ff #121 Adios nexus-platform-api - Hello nexus-plaform-api (#122)
9ec37be Skip unresolvable dependencies (#120)
c25b063 smaller banner (#119)
c6769af [skip ci] Version bump
d14699d [skip ci] [Gradle Release Plugin] - new version commit: '2.4.2-SNAPSHOT'.
3e2a5a0 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.4.1'.
ee2c2ac Update build.gradle
be1c1be [skip ci] Removes signing for shadow
7554c11 Adding commons-io to shadded nexus-platform-api. (#118)
323122b Update plugins, dependencies and Gradle versions (#115)
4ca4fed [skip ci] Bump version to 2.4.0
6de7fa9 CycloneDX to generate a JSON result for OSS Index (#113)
a15a22a [skip ci] [Gradle Release Plugin] - new version commit: '2.3.1-SNAPSHOT'.
24998af [skip ci] [Gradle Release Plugin] - pre tag commit: '2.3.0'.
63c1ffe Update README.md
f57606f Update gradle.properties
bfd05f4 Introduce 'modulesExcluded' and 'modulesIncluded' properties for ossIndexAudit (#111)
dcdfd28 explicit nexusIQIndex task (#99) (#110)
492fc5d [skip ci] [Gradle Release Plugin] - new version commit: '2.2.4-SNAPSHOT'.
4aab23c [skip ci] [Gradle Release Plugin] - pre tag commit: '2.2.3'.
4cf2f52 Fix commit hash discovery (#107)
bf3702c Adding Kotlin syntax (#106)
368e2c7 [skip ci] [Gradle Release Plugin] - new version commit: '2.2.3-SNAPSHOT'.
2ea4e97 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.2.2'.
5e43c53 #82 Creates an application with a given organization ID if not exists (#103)
8fe714f [skip ci] [Gradle Release Plugin] - new version commit: '2.2.2-SNAPSHOT'.
364b1ec [skip ci] [Gradle Release Plugin] - pre tag commit: '2.2.1'.
757ec00 Do not eagerly create tasks upon plugin apply (#102)
ee33045 Update first-interaction.yml
b71dc44 docs: Missing slashes before comments in README.md (#100)
a38a368 Improves documentation on sensitive data through command line
8b2e90c [skip ci] [Gradle Release Plugin] - new version commit: '2.2.1-SNAPSHOT'.
b4cbade [skip ci] [Gradle Release Plugin] - pre tag commit: '2.2.0'.
26d7201 CLM-19069 New index task to save a module descriptor for Nexus IQ. (#99)
7046461 Set the main branch to perform a release
ebac358 master -> main (#98)
a44a1f8 [skip ci] [Gradle Release Plugin] - new version commit: '2.1.1-SNAPSHOT'.
ae7688b [skip ci] [Gradle Release Plugin] - pre tag commit: '2.1.0'.
79b1018 #77 Uses assemble instead of build when releasing to skip tests
01fb556 #80 Allows to set directories to include and exclude (#95)
b506cfb #81 Exclude sub-modules by name for Nexus IQ (#97)
74b2c8a #79 Prevents a NullPointerException (#96)
56ca057 [skip ci] [Gradle Release Plugin] - new version commit: '2.0.13-SNAPSHOT'.
bbf8808 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.0.12'.
e8965e9 Send plugin metadata to Nexus IQ (#91)
5a72293 Update first-interaction.yml
2f065f6 Update README.md
bbfa780 [skip ci] [Gradle Release Plugin] - new version commit: '2.0.12-SNAPSHOT'.
3f133fa [skip ci] [Gradle Release Plugin] - pre tag commit: '2.0.11'.
2f28eb6 Bug Fix - Scanning circular dependencies (#78)
0aebdc5 Some typos, etc... and adds CONTRIBUTORS.md (#88)
4344b03 Update first-interaction.yml
5ac8bd7 Update first-interaction.yml
35ab0f9 Delete action.yml
bf5e04d Create first-interaction.yml
8c0d0c1 Create action.yml
a8688fd [skip ci] [Gradle Release Plugin] - new version commit: '2.0.11-SNAPSHOT'.
040a55c [skip ci] [Gradle Release Plugin] - pre tag commit: '2.0.10'.
f6d6a4f Update README.md
dcbdd90 [skip ci] Update documentation
9f5f5a8 #74 Copies Gradle configurations to another Set so more can be added (#83)
0b72f8e [skip ci] [Gradle Release Plugin] - new version commit: '2.0.10-SNAPSHOT'.
beaa7a4 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.0.9'.
158317f CLM-18367 Include runtime dependencies as the IQ Maven plugin does (#75)
558e877 [skip ci] [Gradle Release Plugin] - new version commit: '2.0.9-SNAPSHOT'.
7234de3 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.0.8'.
f136e5a CLM-18313 Builds the artifact ID for InnerSource dependency manually (#73)
751160b [skip ci] [Gradle Release Plugin] - new version commit: '2.0.8-SNAPSHOT'.
918d3b5 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.0.7'.
70f2fa1 #66 Update Gradle wrapper, plugins and dependencies versions (#72)
5e4a765 [skip ci] [Gradle Release Plugin] - new version commit: '2.0.7-SNAPSHOT'.
d819267 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.0.6'.
65ae985 Saves the IQ evaluation results in a JSON file (#70)
3c2c420 [skip ci] [Gradle Release Plugin] - new version commit: '2.0.6-SNAPSHOT'.
b6415cc [skip ci] [Gradle Release Plugin] - pre tag commit: '2.0.5'.
9c0a39a Apply groovy exclusions (#69)
950b101 [skip ci] [Gradle Release Plugin] - new version commit: '2.0.5-SNAPSHOT'.
c39d36a [skip ci] [Gradle Release Plugin] - pre tag commit: '2.0.4'.
2a7f5e9 Add dependencies to the scanned Module (#65)
7f0389b [skip ci] [Gradle Release Plugin] - new version commit: '2.0.4-SNAPSHOT'.
c1af6e3 [skip ci] [Gradle Release Plugin] - pre tag commit: '2.0.3'.
4034c82 Create flag for enabling printing banner (#64)
2ccd9bb [skip ci] [Gradle Release Plugin] - new version commit: '2.0.3-SNAPSHOT'.
c5e8c61 [skip ci] [Gradle Release Plugin]...

2.8.3

16 Aug 17:00

Full Changelog: 2.8.2...2.8.3

2.8.2 Avoid failing when OSS Index reports vulnerabilities

09 May 23:38

What's Changed

With the new failOnDetection property for ossIndexAudit, the Gradle task can be kept from failing when vulnerabilities are found, so users with their own tools can further process the output of components and vulnerabilities (for instance, using the CycloneDX standard format).

ossIndexAudit {
    failOnDetection = false
}
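
One way a team's own tooling might gate on the report once failOnDetection = false keeps Gradle from failing, as an added example that is not code from the plugin or its README. It assumes the report is CycloneDX 1.4+ JSON (components[].bom-ref, vulnerabilities[].ratings[].score, vulnerabilities[].affects[].ref); the sample document, the EXAMPLE-* ids, the threshold and the allow-list are constructed for illustration.

```python
import json

# Constructed sample report, not real plugin output (assumed CycloneDX 1.4+ layout).
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"bom-ref": "pkg:maven/com.example/lib-a@1.0.0", "name": "lib-a", "version": "1.0.0"},
    {"bom-ref": "pkg:maven/com.example/lib-b@2.3.1", "name": "lib-b", "version": "2.3.1"}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "ratings": [{"score": 9.8}, {"score": 7.5}],
     "affects": [{"ref": "pkg:maven/com.example/lib-a@1.0.0"}]},
    {"id": "EXAMPLE-0002", "ratings": [{"score": 4.3}],
     "affects": [{"ref": "pkg:maven/com.example/lib-b@2.3.1"}]},
    {"id": "EXAMPLE-0003", "ratings": [],
     "affects": [{"ref": "pkg:maven/com.example/lib-b@2.3.1"}]}
  ]
}
""")


def findings_over_threshold(bom, threshold=7.0, allow=frozenset()):
    """Return sorted (component, vuln id, score) tuples the local policy rejects."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    names = {c.get("bom-ref"): f"{c.get('name')}@{c.get('version')}"
             for c in bom.get("components", [])}
    rejected = []
    for vuln in bom.get("vulnerabilities", []):
        if vuln.get("id") in allow:
            continue  # explicitly accepted risk, tracked outside the build
        scores = [r["score"] for r in vuln.get("ratings", []) if "score" in r]
        # An unscored finding counts as worst case so it cannot slip past the gate.
        score = max(scores) if scores else 10.0
        if score >= threshold:
            for hit in vuln.get("affects", []):
                ref = hit.get("ref")
                rejected.append((names.get(ref, ref), vuln.get("id"), score))
    return sorted(rejected)


if __name__ == "__main__":
    bad = findings_over_threshold(SAMPLE_BOM, allow={"EXAMPLE-0003"})
    for component, vuln_id, score in bad:
        print(f"{component}: {vuln_id} (score {score})")
    raise SystemExit(1 if bad else 0)  # this step, not Gradle, now fails the pipeline
```
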

Full Changelog: 2.8.1...2.8.2

2.8.1 Upgrade to safe version of JGit

26 Apr 15:35

What's Changed

No actions/changes required by anyone already using this plugin.

Full Changelog: 2.8.0...2.8.1

2.8.0 Exclude compileOnly dependencies

26 Apr 14:07

What's Changed

excludeCompileOnly lets this plugin behave similarly to Sonatype CLM for Maven (since compileOnly is an equivalent of the provided scope in Maven):

ossIndexAudit {
  excludeCompileOnly = true
}

nexusIQScan {
  excludeCompileOnly = true
}

Full Changelog: 2.7.0...2.8.0

2.7.0 Allows to set additional scan targets for IQ evaluations

19 Jan 22:10

What's Changed

Use the new scanTargets property to configure additional targets, as paths or Ant-like patterns relative to the project's folder, that select the files to be scanned and evaluated.

For example:

nexusIQScan {
    username = 'admin'
    password = 'pass'
    serverUrl = 'http://localhost:8070'
    applicationId = 'app'
    scanTargets = ['package-lock.json', '**/*.lock']
}

Full Changelog: 2.6.2...2.7.0

Introducing Legacy Violations

22 Dec 01:17

As part of our inclusive language initiatives, stemming from our core value "Embrace Inclusion", we are renaming the feature previously known as Policy Violation Grandfathering to Legacy Violations.

See more at https://help.sonatype.com/iqserver/product-information/release-notes#ReleaseNotes-EmbracingInclusionwithLegacyViolations

Avoid failing due to cache configuration

14 Sep 23:01
9a016cf

Fixes #140 so the task no longer fails due to cache configuration; it only emits a warning message.

Variant Selection With Custom Attributes

21 Jan 00:07

What's Changed

A new property, variantAttributes, was added to set attributes that allow selecting the right variant when there are multiple release variants.

Full details at: https://github.com/sonatype-nexus-community/scan-gradle-plugin#how-to-deal-with-multiple-release-variants

Full Changelog: 2.5.4...2.5.5

Proper selection of "release" variant in Android projects

23 Dec 19:36

What's Changed

The plugin now makes a proper selection of the "release" variant for Android projects when there is a dependency on a module with multiple variants: #132

Full Changelog: 2.5.3...2.5.4