com.danielsomerfield.cvecheck.owaspdependencycheck.OWASPScanningEngine.groovy Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of gradle-cve-dependency-check Show documentation

CVE Checking for Gradle

There is a newer version: 0.6.2-100

Show newest version

package com.danielsomerfield.cvecheck.owaspdependencycheck

import org.gradle.api.Project
import org.owasp.dependencycheck.Engine
import org.owasp.dependencycheck.dependency.Vulnerability

import static com.danielsomerfield.cvecheck.FileVulnerabilities.getVulnerabilitiesForFiles
import static com.danielsomerfield.cvecheck.gradle.GradleProjects.getFilesForProject

class OWASPScanningEngine implements ScanningEngine {

  private final Engine engine

  public OWASPScanningEngine(Engine engine) {
    this.engine = engine
  }

  def OWASPScanResult createScanResult(final Project project) {
    new OWASPScanResult(transform(project))
  }

  def List transform(Project project) {
    getVulnerabilitiesForFiles(engine, getFilesForProject(project)).collect {Vulnerability v -> new OWASPVulnerability(v.cvssScore)}
  }

  @Override
  void updateSource() {
    engine.doUpdates()
  }

}