How can I use Gradle for Sonatype Nexus IQ Analysis?

plugins

(Prachi Nawathe) #1

I am currently using Maven for my project. We use Sonatype Nexus IQ server to scan the jars being used in the project so as to make sure all the third-party jars that we use are secure.
Now I am planning on moving from Maven to Gradle but I am unable to find a way to perform a Nexus IQ analysis using Gradle. Maven uses a plugin “clm-maven-plugin” for the same. Is there any Gradle plugin available for Nexus IQ Scan?


(James Justinic) #2

Sonatype only provides plugins for a few tools and I don’t think they’re open source. If you need to run the scan from Gradle, it seems your best option would be to download the Nexus IQ CLI jar and create a JavaExec task to run it with the appropriate arguments. This shouldn’t be too hard to adapt into a true Gradle Plugin if you want to be able to easily share it across applications.


(Justin Young) #3

We do not currently have a native plugin for Gradle so using the CLI jar is the best approach. Some information regarding collecting dependencies and running the CLI jar is available in our help [0]. Depending on your project, collecting the dependencies may not be required as they could be available in the build directory. An example of a JavaExec task for the CLI is available [1].

[0] https://help.sonatype.com/pages/viewpage.action?pageId=5406843
[1] https://gist.github.com/kellyrob99/98bde818e60787113a4fce26d515d22c#file-androidiqbuild-gradle-L55
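
The approach described in the replies above (collect the dependencies, then run the Nexus IQ CLI jar from a JavaExec task), sketched as an added example; it is not code from the thread, the linked gist or Sonatype. Assumptions: Gradle 6.4+ with the `java` plugin applied, and hypothetical names for the jar location (`tools/nexus-iq-cli.jar`), the `iqCliJar`/`iqAppId`/`iqServerUrl`/`iqStage` project properties, the `IQ_USER`/`IQ_PASSWORD` environment variables and the placeholder server URL.

```groovy
// build.gradle (Groovy DSL) - added example, not the project's own build script
import java.util.jar.JarFile

// Assumption: the CLI jar was downloaded separately; override with -PiqCliJar=/path/to/jar
def iqCliJar = file(findProperty('iqCliJar') ?: "$rootDir/tools/nexus-iq-cli.jar")

// Copy the resolved runtime dependencies and the project's own jar into one scan directory.
tasks.register('collectIqTargets', Sync) {
    from configurations.runtimeClasspath
    from tasks.named('jar')
    into layout.buildDirectory.dir('iq-scan')
}

tasks.register('nexusIqScan', JavaExec) {
    dependsOn 'collectIqTargets'
    group = 'verification'
    description = 'Evaluates third-party jars against Nexus IQ policy via the CLI jar.'
    classpath = files(iqCliJar)
    // Read the entry point from the jar manifest rather than hard-coding a class name.
    mainClass = provider {
        new JarFile(iqCliJar).withCloseable { it.manifest.mainAttributes.getValue('Main-Class') }
    }
    doFirst {
        // Keep credentials out of build.gradle and gradle.properties under version control.
        def user = System.getenv('IQ_USER')
        def pass = System.getenv('IQ_PASSWORD')
        if (!user || !pass) {
            throw new GradleException('Set IQ_USER and IQ_PASSWORD in the environment')
        }
        args '-i', project.findProperty('iqAppId') ?: project.name,          // application id
             '-s', project.findProperty('iqServerUrl') ?: 'https://iq.example.invalid:8070',
             '-a', "${user}:${pass}",                                        // username:password
             '-t', project.findProperty('iqStage') ?: 'build',               // policy stage
             layout.buildDirectory.dir('iq-scan').get().asFile.absolutePath  // scan target
    }
    // JavaExec fails the build when the launched process exits non-zero.
}
```

Run it with `./gradlew nexusIqScan -PiqAppId=<application id> -PiqServerUrl=<server URL>`. The `-a` value is visible in the process list while the scan runs, so use a dedicated low-privilege account on shared build agents.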