Commit Graph

6 Commits

Author SHA1 Message Date
James Brown
c205a10ec0
ENT-2684 Fix owasp dependency checker to fail builds based on CVSS level (#4169)
OWASP Dependency Checker has been updated so that it can be configured to automatically fail a build when a vulnerable dependency is detected. This option is exposed through gradle settings, so that a build can be configured in TeamCity to pass/fail. This change is backward-compatible - i.e. it does not affect a build by default unless configured to do so.

Ability to fail a build is exposed by the new owasp.failBuildOnCVSS gradle property
By default this is set to '11.0' which will always pass a build even if a vulnerability is found (so will not affect anything by default)
Reduce the CVSS level between 0-10 to indicate what level to fail a build on
Example usage to catch Medium severity (and above) issues:

Configure gradle with the option -Powasp.failBuildOnCVSS=4
2018-11-07 09:00:19 +00:00
josecoll
6f27898664
CORDA-1509 Configure and enable Gradle Build Cache (#3908)
* Fix to enable gradle build caching of test runs.

* Configure gradle build caching to be enabled.

* Generate dependency report and graph:
1) ./gradlew htmlDependencyReport
2) ./gradlew generateDependencyGraphCorda

* Strip out all Jacoco references to prevent Gradle Build Cache error:
"Caching disabled for task ':<module>:test': 'JaCoCo agent configured with `append = true`' satisfied"

* Revert jacoco back into jarFilter gradle build file.
Disable building deterministic modules (including jarFilter).

* Added Gradle build scan plugin.

* Set file encoding to prevent incorrect Gradle build cache keys across different machines.
https://guides.gradle.org/using-build-cache/#system_file_encoding

* Apply gradle build cache settings to buildSrc.

* Added targetted gradle build tasks to leverage cache.

* Updated URL's of several different test Gradle Cache instances.

* Updated CI batch build scripts.

* Updated script perms to be executable.

* Added CI smoke tests batch script.

* Use TestDev Labs gradle cache.

* Echo URL of Gradle Build Repository.
Echo exit status of each Gradle build command.

* Use environment variables to define Gradle Build Cache usage and URL.

* Customisation through parameters.

* Remove dependency graph generation plugin.
Align build cache settings across project and buildSrc gradle files.

* Remove buildSrc gradle build cache config.

* Revert definition of gradle build cache variables back to settings.gradle.

* Fix incorrect path.

* Aligned gradle build cache configuration across buildSrc and project.

* Minor updates to test scope.

* Minor updates to test scope.

* Update scripts to use GRADLE_HOME

* Exit on unset GRADLE_HOME

* Remove duplication following rebase from master.

* Remove fine-grained build task scripts.

* Added back Jacoco reporting.

* Revert jdk8u-deterministic module.

* Incorporating changes from PR review feedback.

* Workaround Jacoco issue associated with Gradle Build Cache test task.

* Update init script.

* Remove redundant build-scan declarations.

* Updates from PR review feedback.

* Remove GRADLE_HOME as no longer needed - everything is driven via gradle wrapper.

* Use CORDA prefix in system environment variable.
2018-09-26 13:38:23 +01:00
Andrzej Cichocki
242d9cf7ad
CORDA-692 Don't include internal packages in API documentation (#2415)
* Use G1 for gradle daemon
2018-01-25 15:26:13 +00:00
Mike Hearn
5f79acaa88 Enable Kotlin incremental compilation in Gradle 2017-01-06 16:39:01 +01:00
Matthew Nesbit
058ac986bd Move contracts base files to namespace to make api aspect clearer in includes.
Move Party to core.crypto as Party is closely aligned with the signing and used in code areas unrelated to the contract code.
2016-05-14 13:47:07 +01:00
Mike Hearn
232a4b7f53 Kotlin 1.0.2. Enable experimental incremental compilation in Gradle. 2016-05-13 12:50:54 +02:00