diff --git a/README.md b/README.md index 9163b15..2112a94 100644 --- a/README.md +++ b/README.md @@ -13,12 +13,16 @@ Red Hat Dependency Analytics (RHDA) plugin gives you awareness to security concerns within your software supply chain while you build your application. -
Dependency Analytics only supports the following project ecosystems: -- Maven -- Node -- Golang -- Python -- Gradle +
Dependency Analytics supports multiple package managers: +- Maven (mvn) +- NPM (npm) +- PNPM (pnpm) +- Yarn Berry and Classic (yarn) +- Gradle Kotlin and Groovy (gradle) +- Golang (go mod) +- Python (pip) ecosystems, and base images in Dockerfile. + +In future releases, Red Hat plans to support other package managers.
**NOTE:** The Red Hat Dependency Analytics plugin is an online service hosted and maintained by Red Hat. @@ -47,7 +51,7 @@ vulnerability report. - For Golang projects, analyzing a `go.mod` file, you must have the `go` binary in your IDE's `PATH` environment. Furthermore, Golang projects can only be analyzed with IntelliJ Ultimate Edition. - For Python projects, analyzing a `requirements.txt` file, you must have the `python3` and `pip3` binaries in your IDE's `PATH` environment. -- For Gradle projects, analyzing a `build.gradle` file, you must have the `gradle` binary in your system's `PATH` environment. +- For Gradle projects, analyzing a `build.gradle` file or `build.gradle.kts` file, you must have the `gradle` binary in your system's `PATH` environment. - For base images, analyzing a `Dockerfile`, you must have the [`syft`](https://github.com/anchore/syft?tab=readme-ov-file#installation) and [`skopeo`](https://github.com/containers/skopeo/blob/main/install.md) binaries in your IDE's `PATH` environment. **Procedure** @@ -144,7 +148,7 @@ according to your preferences. vulnerabilities. - **Proxy Configuration** : -
From IntelliJ IDEA Appearance & Behavior > System Settings > HTTP Proxy, you can configure a proxy for all HTTP requests made by the plugin. This is useful when your environment requires going through a proxy to access external services. For example:`http://proxy.example.com:8080` +
From IntelliJ IDEA Appearance & Behavior > System Settings > HTTP Proxy, you can configure a static proxy for all HTTP requests made by the plugin. This is useful when your environment requires going through a proxy to access external services. For example:`http://proxy.example.com:8080` ## Features diff --git a/src/main/resources/META-INF/plugin.xml b/src/main/resources/META-INF/plugin.xml index bfb2f75..6ff7768 100644 --- a/src/main/resources/META-INF/plugin.xml +++ b/src/main/resources/META-INF/plugin.xml @@ -20,10 +20,15 @@ displaying the vulnerability report.

IMPORTANT: -
Currently, Dependency Analytics only supports projects that use Maven (mvn), and Node - (npm, pnpm or yarn), Golang (go mod) and Python (pip) ecosystems, and base images in - Dockerfile. -
In future releases, Red Hat plans to support other programming languages. +
Dependency Analytics supports multiple package managers: +

  • Maven (mvn)
  • +
  • NPM (npm)
  • +
  • PNPM (pnpm)
  • +
  • Yarn Berry and Classic (yarn)
  • +
  • Gradle Kotlin and Groovy (gradle)
  • +
  • Golang (go mod)
  • +
  • Python (pip) ecosystems, and base images in Dockerfile.
  • +
    In future releases, Red Hat plans to support other package managers.

    Quick Start

    @@ -34,7 +39,7 @@ IDE's PATH environment.
  • For Node projects, analyzing a package.json file, you must have one of the corresponding package manager npm, pnpm or yarn and - node binaries in your IDE's PATH environment. + node binaries in your IDE's PATH environment. It also requires a corresponding lock file to be present in order to analyze package.json files.
  • For Golang projects, analyzing a go.mod file, you must have the go binary in your IDE's PATH environment. Furthermore, Golang projects can only be analyzed with IntelliJ Ultimate Edition. @@ -42,6 +47,9 @@
  • For Python projects, analyzing a requirements.txt file, you must have the python3 and pip3 binaries in your IDE's PATH environment.
  • +
  • + For Gradle projects, analyzing a build.gradle file or build.gradle.kts file, you must have the gradle binary in your system's PATH environment. +
  • For base images, analyzing a Dockerfile, you must have the syft and @@ -114,6 +122,7 @@ executable.
    If the paths are not provided, your IDE's PATH environment will be used to locate the executables. +
    It also requires a corresponding lock file to be present in order to analyze package.json files.
  • Golang: @@ -142,6 +151,13 @@ dynamically instead. This feature cannot be enabled when Strictly match package version is selected.
  • +
  • + Gradle: +
    Set the full path of the Gradle executable, which allows Exhort to locate and run the gradle + command to resolve dependencies for Gradle projects. +
    By not setting a path to the gradle binary, IntelliJ IDEA uses its default path environment to locate + the file. +
  • Image:
    Set the full path of the Syft executable, which allows Exhort to locate and execute the syft @@ -376,6 +392,12 @@ 1.1.0

    Added support for Gradle manifest files.

    +

    Added support for Yarn.

    +

    Added support for PNPM.

    +

    Added support for Proxy setting(Static Proxy Configuration).

    +

    Enable using the Maven Wrapper.

    +

    No restart needed after installation.

    +

    Require a lock file to be present in order to analyze package.json files.

    1.0.0

    Added support for base image vulnerability scanning in Dockerfiles.

    Bumped Telemetry plugin to 1.1.0.
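Review bot: In the README hunk at @@ -13,12 +13,16 @@, the last list item `- Python (pip) ecosystems, and base images in Dockerfile.` fuses the tail of the old sentence onto the Python bullet, so it reads as though "ecosystems, and base images in Dockerfile" were part of the Python entry. End that item at `- Python (pip)` and give Dockerfile base images their own bullet (for example `- Base images (Dockerfile)`), or fold the clause into the introductory sentence before the list.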
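Review bot: In the README hunk at @@ -47,7 +51,7 @@, the rewritten Gradle line still says `your system's PATH environment` while the neighbouring Golang, Python and base-image lines say `your IDE's PATH environment`; since the line is being edited anyway, align the wording, because the PATH the IDE process inherits and the login shell's PATH can differ. Separately, this diff adds the lock-file requirement for `package.json` analysis to plugin.xml (twice) and to the changelog, but README.md receives no matching sentence, so the README's Node requirement should be updated in the same change to keep the two descriptions from drifting.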
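Review bot: In the README hunk at @@ -144,7 +148,7 @@, the rewritten line keeps `For example:`http://proxy.example.com:8080`` with no space after the colon; add it while the line is being touched. Replacing "a proxy" with "a static proxy" is more precise, but a reader landing on the IntelliJ HTTP Proxy page, which also offers auto-detection, needs one clause saying that only a manually configured host and port is honoured, if that is what "static" is meant to convey.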
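Review bot: In the plugin.xml hunk at @@ -20,10 +20,15 @@, the same fused list item as in the README appears: `Python (pip) ecosystems, and base images in Dockerfile.` should end at `Python (pip)` with base images listed as their own item. In the rendered description the sentence `In future releases, Red Hat plans to support other package managers.` is indented together with the list items; check that the list element is closed before that sentence so it is not emitted as part of the last item.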
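Review bot: In the plugin.xml hunk at @@ -34,7 +39,7 @@, the added sentence `It also requires a corresponding lock file to be present in order to analyze package.json files.` does not say which file is the corresponding one for each manager; spell out the pairing (npm: `package-lock.json`, pnpm: `pnpm-lock.yaml`, yarn: `yarn.lock`) so users know what is missing when analysis does not run. It should also state whether a missing lock file produces an error or silently skips the manifest, since a silently skipped `package.json` means no vulnerability report for that project and the user needs to know how to tell the two cases apart.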
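Review bot: In the plugin.xml hunk at @@ -42,6 +47,9 @@, the new Gradle requirement says `your system's PATH environment`, whereas the adjacent Python and base-image items say `your IDE's PATH environment`; use one term throughout, because a user following the "system" wording may install `gradle` in a location the IDE process never sees and then get no analysis without an obvious cause.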
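Review bot: In the plugin.xml hunk at @@ -114,6 +122,7 @@, the added sentence `It also requires a corresponding lock file to be present in order to analyze package.json files.` directly follows `If the paths are not provided, your IDE's PATH environment will be used to locate the executables.`, so `It` has no clear referent (the PATH fallback does not require a lock file; Node analysis does). Lead with the subject, e.g. `Analyzing a package.json file also requires the corresponding lock file to be present.`, and consider dropping the sentence here altogether, since the same requirement is already stated in the requirements list at @@ -34,7 +39,7 @@.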
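Review bot: In the plugin.xml hunk at @@ -142,6 +151,13 @@, the fallback sentence `By not setting a path to the gradle binary, IntelliJ IDEA uses its default path environment to locate the file.` has a dangling modifier (the user, not IntelliJ IDEA, is the one not setting the path) and introduces a third phrasing, `default path environment`, for what the surrounding text calls `your IDE's PATH environment`. Rewrite along the lines of `If no path is set, the gradle binary is located through your IDE's PATH environment.` so the settings text and the requirements text use the same term.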
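Review bot: In the plugin.xml changelog hunk at @@ -376,6 +392,12 @@, the new 1.1.0 entries mix tenses: three `Added support for ...` lines are followed by `Enable using the Maven Wrapper.` and `Require a lock file to be present ...`, while the existing 1.0.0 entries are all past tense (`Added support for ...`, `Bumped Telemetry plugin ...`). Rewrite the two outliers as `Enabled use of the Maven Wrapper.` and `Required a lock file to be present in order to analyze package.json files.`, and add the missing space in `Proxy setting(Static Proxy Configuration)`. The Maven Wrapper entry is also the only new feature that no other part of this diff describes; the Maven requirements or settings text should say when the wrapper is used in place of the `mvn` binary on PATH.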