VersionEye plug-in for Kobalt
The plug-in will create and update projects on VersionEye, a service that notifies you about outdated dependencies, security vulnerabilities and license violations.
To use the plug-in, include the following in your Build.kt file:
import net.thauvin.erik.kobalt.plugin.versioneye.*

val bs = buildScript {
    plugins("net.thauvin.erik:kobalt-versioneye:")
}

val p = project {
    name = "example"
    group = "com.example"
    artifactId = name
    version = "0.1"

    versionEye {
    }
}
To create or update your project on VersionEye, you will need an API key. If you are signed up, you can find your API Key here:
To create your project on VersionEye, simply use your API Key as follows:
./kobaltw -Dversioneye.ApiKey=YOUR_API_KEY_HERE versionEye
This will instruct the plug-in to create and update your project on VersionEye. Your API Key will automatically be saved in the local.properties file.
Upon running the above command the plug-in will output something like:
The report is based on the Traffic Light concept:
- Green items are clear.
- Yellow items may require some attention.
- Red items will cause the build to fail.
By default the plug-in is configured to only fail on known security vulnerabilities.
You can configure the VersionEye API Key and Project Key (if you already have one) in one of two ways.
Using the command line:
./kobaltw -Dversioneye.ApiKey=YOUR_API_KEY -Dversioneye.projectKey=YOUR_PROJECT_KEY versionEye
These keys will be saved automatically in the local.properties file.
In the local.properties file:
versioneye.ApiKey=YOUR_API_KEY
versioneye.projectKey=YOUR_PROJECT_KEY
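Both methods above leave the API key in local.properties in plain text. The following check is an added example, not part of the plug-in or its documentation: it flags a key file that other users can read, or that git tracks or could start tracking. The function name check_local_properties is hypothetical, and git is only consulted when it is installed and the directory is inside a work tree.

```shell
#!/bin/sh
# Added example (not part of the plug-in): audit how the VersionEye API key
# saved in local.properties is protected. Prints findings, returns 1 if any.
check_local_properties() {
    dir=${1:-.}
    file="$dir/local.properties"
    findings=0

    # Nothing to protect if the plug-in has not saved a key yet.
    if [ ! -f "$file" ] || ! grep -q '^versioneye\.ApiKey=' "$file"; then
        echo "ok: no versioneye.ApiKey stored in $file"
        return 0
    fi

    # 1. The file should be readable by its owner only.
    #    Character 5 of the ls mode string is group-read, character 8 is other-read.
    mode=$(ls -ld "$file" | cut -c1-10)
    case "$mode" in
        ????r*|???????r*)
            echo "finding: $file is group/world readable ($mode); chmod 600 it"
            findings=1 ;;
    esac

    # 2. Inside a git work tree the file must be neither tracked nor trackable.
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        if git -C "$dir" ls-files --error-unmatch local.properties >/dev/null 2>&1; then
            echo "finding: local.properties is tracked by git; remove it and rotate the key"
            findings=1
        elif ! git -C "$dir" check-ignore -q local.properties; then
            echo "finding: local.properties is not covered by .gitignore"
            findings=1
        fi
    fi

    [ "$findings" -eq 0 ] && echo "ok: $file is private and untracked"
    return "$findings"
}

# Run against a project directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_local_properties "$1"
fi
```

Run it from the project root (for example as a pre-commit step) with the project directory as its argument; a non-zero exit status means at least one finding.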
Parameters are configurable in the versionEye task:
versionEye {
    baseUrl = "https://www.versioneye.com/"
    colors = true
    name = ""
    org = ""
    quiet = false
    team = ""
    verbose = true
    visibility = "public"

    failOn(Fail.securityCheck)
}
The values are:
Value | Description | Default |
---|---|---|
baseUrl | For VersionEye Enterprise VM to use your own domain, e.g. https://versioneye.my-company.com/ | https://www.versioneye.com/ |
colors | To enable (true) or disable (false) colors in the plug-in output. | true |
name | The name of the VersionEye project, if none is specified the Kobalt project name will be used. | none |
quiet | To completely disable output from the plug-in. | false |
org | The VersionEye organization, if any. | none |
pom | Generate a pom.xml for the project. See Private vs. Public. | false |
team | The VersionEye team, if any. | none |
verbose | To enable or disable extra information in the plug-in output. | true |
visibility | To set the project's visibility on VersionEye, either public or private | public |
Some of the parameters can be controlled temporarily from the command line, as follows:
./kobaltw -Dve.colors=false versionEye
./kobaltw -Dve.verbose=false versionEye
./kobaltw -Dve.quiet=true versionEye
./kobaltw -Dve.colors=false -Dve.verbose=false versionEye
The failOn directive can be used to trigger specific failures:
versionEye {
    failOn(Fail.securityCheck, Fail.licensesCheck)
}
Fail On | Description |
---|---|
Fail.dependenciesCheck | Will trigger a failure on outdated dependencies. |
Fail.licensesUnknownCheck | Will trigger a failure on unknown licenses. |
Fail.licensesCheck | Will trigger a failure on licenses whitelist violations. Licenses and components whitelists can be configured on the VersionEye website. |
Fail.securityCheck | Will trigger a failure on known security vulnerabilities, on by default. |
By default, projects created using the VersionEye API are private. If your project is hosted on GitHub or BitBucket and you would like to make it public on VersionEye, the plug-in can generate a pom file compatible with VersionEye, as follows:
versionEye {
    pom = true
    ...
}
To generate the pom file without creating a new project on VersionEye:
./kobaltw -Dve.create=false versionEye
Be sure to commit pom.xml on GitHub or BitBucket, and then import your project at:
Finally, configure your project key.