feat(deps): Update to cdxgen 10.9.10 and gralde 8

MediaMarktSaturn · Sep 11, 2024 · 9a784ac · 9a784ac
1 parent 989faa3
commit 9a784ac
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 4 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -8,7 +8,7 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 env:
-  CDXGEN_VERSION: '10.9.0'
+  CDXGEN_VERSION: '10.9.10'
   CDXGEN_PLUGINS_VERSION: '1.6.3'
   GRYPE_VERSION: 'v0.80.0'
   SBOMQS_VERSION: 'v0.1.9'

diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
@@ -13,6 +13,7 @@ ARG DEPSCAN_VERSION
 # sdkman provided jdks
 ARG JAVA_17_VERSION='17.0.12-tem'
 ARG JAVA_21_VERSION='21.0.4-tem'
+ARG GRADLE_VERSION='8.10.1'
 ARG NODE_VERSION='21'
 ARG GO_VERSION='1.22.5'
 
@@ -115,7 +116,7 @@ RUN source "/root/.sdkman/bin/sdkman-init.sh" && \
     sdk install java $JAVA_17_VERSION && \
     sdk install java $JAVA_21_VERSION && \
     sdk install maven && \
-    sdk install gradle 7.6 && \
+    sdk install gradle $GRADLE_VERSION && \
     sdk install sbt && \
     mv /root/.sdkman/candidates $SDK_DIR && \
     chown root:root -R $SDK_DIR && \

diff --git a/src/main/java/com/mediamarktsaturn/technolinator/sbom/CdxgenClient.java b/src/main/java/com/mediamarktsaturn/technolinator/sbom/CdxgenClient.java
@@ -70,6 +70,7 @@ public class CdxgenClient {
     private static final String CDXGEN_MAVEN_ARGS = "MVN_ARGS";
     private static final String CDXGEN_FETCH_LICENSE = "FETCH_LICENSE";
     private static final String JAVA_HOME = System.getenv("JAVA_HOME");
+    private static final String CDXGEN_DEBUG = "CDXGEN_DEBUG_MODE";
 
     /**
      * Default arguments for a maven call, suppressing download progress output
@@ -102,7 +103,7 @@ public class CdxgenClient {
      * Configurable, supported jdk versions.
      */
     private final Map<String, String> jdkHomes;
-    private final boolean cleanWrapperScripts, excludeGithubFolder, recursiveDefault, requiredScopeOnlyDefault, evidenceDefault, formulationDefault, failOnError;
+    private final boolean cleanWrapperScripts, excludeGithubFolder, recursiveDefault, requiredScopeOnlyDefault, evidenceDefault, formulationDefault, failOnError, cdxgenDebug;
 
     public CdxgenClient() {
         var config = ConfigProvider.getConfig();
@@ -113,6 +114,7 @@ public CdxgenClient() {
         this.evidenceDefault = config.getValue("cdxgen.evidence", Boolean.TYPE);
         this.formulationDefault = config.getValue("cdxgen.formulation", Boolean.TYPE);
         this.failOnError = config.getValue("cdxgen.fail_on_error", Boolean.TYPE);
+        this.cdxgenDebug = config.getValue("cdxgen.debug", Boolean.TYPE);
 
         this.allowedEnvSubstitutions = config.getOptionalValue("app.allowed_env_substitutions", String.class)
             .filter(str -> !str.isBlank())
@@ -126,6 +128,7 @@ public CdxgenClient() {
             CDXGEN_MAVEN_ARGS, DEFAULT_MAVEN_ARGS,
             "PREFER_MAVEN_DEPS_TREE", config.getValue("cdxgen.prefer_mvn_deps_tree", Boolean.TYPE).toString(),
             "CDX_MAVEN_INCLUDE_TEST_SCOPE", String.valueOf(!requiredScopeOnlyDefault),
+            "GRADLE_MULTI_THREADED", "true",
             "CDXGEN_TIMEOUT_MS", Long.toString(config.getValue("app.analysis_timeout", Duration.class).toMillis())
         );
 
@@ -289,6 +292,10 @@ Map<String, String> buildEnv(List<TechnolinatorConfig> configPath, boolean fetch
         var context = new HashMap<>(cdxgenEnv);
         context.put(CDXGEN_FETCH_LICENSE, Boolean.toString(fetchLicenses));
 
+        if (cdxgenDebug) {
+            context.put(CDXGEN_DEBUG, "debug");
+        }
+
         String gradleEnv = sliceConfig(configPath, TechnolinatorConfig::gradle, TechnolinatorConfig.GradleConfig::args)
             .stream().reduce(new ArrayList<>(), CdxgenClient::reduceList).stream().map(this::resolveEnvVars).collect(Collectors.joining(" "));
         if (!gradleEnv.isBlank()) {

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -26,6 +26,7 @@ cdxgen.required_scope_only=${CDXGEN_REQUIRED_SCOPE_ONLY_DEFAULT:false}
 cdxgen.prefer_mvn_deps_tree=${CDXGEN_PREFER_MAVEN_DEPS_TREE_DEFAULT:true}
 cdxgen.evidence=${CDXGEN_EVIDENCE_DEFAULT:false}
 cdxgen.formulation=${CDXGEN_FORMULATION_DEFAULT:false}
+cdxgen.debug=${CDXGEN_DEBUG:false}
 
 grype.template=${GRYPE_TEMPLATE:src/main/docker/assets/grype.tmpl}
 grype.config=${GRYPE_CONFIG}

diff --git a/src/test/docker/structure-test.yaml b/src/test/docker/structure-test.yaml
@@ -106,7 +106,7 @@ commandTests:
       command: 'gradle'
       args: ["--version"]
       expectedOutput:
-          - '.*Gradle 7.*'
+          - '.*Gradle 8.*'
     - name: "Git ask pass runs"
       command: '/app/git_askpass.sh'
       expectedOutput:

diff --git a/src/test/resources/repo/.gitignore b/src/test/resources/repo/.gitignore
@@ -0,0 +1 @@
+maven-wrapper/