
Installing and Configuring the Gradle Plugin

To use the Gradle plugin, you must configure settings in the application’s build.gradle. This section contains the procedure for installing and configuring the plugin.

To install and configure the Gradle plugin, do the following:

  1. Extract the Gradle plugin from the CodeInsightversionPlugins.zip file. See Downloading Plugins.

  2. Use these steps to add all the dependent jars in the code-insight-scan-plugin to the application class path:

  3. Create a folder named dependent_jars within the application project.

  4. Copy all jar files into that folder.

  5. Add the following configuration in build.gradle so that the jars are available to the classpath:

    buildscript {
        dependencies {
            classpath files(fileTree(dir: 'dependent_jars', includes: ['*.jar']))
        }
    }

  6. If the Java plugin is not already applied in the build.gradle script, do so by adding the appropriate configuration at the beginning of the script:

    • For a single module project, add the following:

        apply plugin: 'java'

    • For a multi-modular project:

        allprojects {
            apply plugin: 'java'
        }

  7. Apply the Gradle plugin in the build.gradle file:

    apply plugin: 'code-insight-scan-plugin' 

    scanSettings {
        fnciServer = "<SERVER_URL>"                         // required
        fnciAuthToken = "<BEARER_SERVER_TOKEN_VALUE>"       // required, includes "Bearer"
        fnciProjectName = "<CODE_INSIGHT_PROJECT_NAME>"     // required
        alias = "<SCAN-AGENT_ALIAS>"                        // must be a quoted string
        pluginRootPath = "<PLUGIN_ROOT_PATH>"               // required
        pluginProjectName = "<APPLICATION_PROJECT_TO_SCAN>" // required
        pluginDescription = "<APPLICATION_DESCRIPTION>"
        pluginPathPrefix = "<PLUGIN_PATH_PREFIX>"
    }

    • The following is a description of the scan settings used to apply the plugin:

    • scanSettings—An extension to provide the Code Insight scan server settings.

    • fnciServer—(Required) The hosted server where the Code Insight application is running.

    • fnciAuthToken—(Required) The JSON Web Token (JWT) used to authorize user access to the Code Insight functionality. Generate this token using the Code Insight Web UI and then copy and paste it here. Be sure to include the keyword “Bearer” followed by the token value, as in the example:

    • Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsInVzZXJJZCI6MSwia

    • For more information about generating this token, see Providing an Authorization Token.

    • fnciProjectName—(Required) The name of the project that exists on the Code Insight server and will contain the scan results.

    • alias—A name that you define for the scan-agent plugin. The alias is used to represent the “container” (scan root) under which all the files scanned in this instance will be listed in the API output and in the file tree in the Analysis Workbench. This name must be unique within the project.

    • pluginRootPath—(Required) The path where the plugin will be launched, usually the root of the application. An example value is D:\\test\\Gradle_test\\Gradle_application.

    • pluginProjectName—(Required) The name of the Gradle-based application whose codebase you want to scan.

    • pluginDescription—A description of the application to display on the Summary tab for the project in Code Insight.

    • pluginPathPrefix—(Optional) The Code Insight server path (for example, demo_workspace/) used as a prefix for codebase file locations, as listed on the Associated Files tab for an inventory item in the Code Insight user interface.

  8. Configure the code-insight-scan task to run during or after the build process. See Important Note About Scanning Dependencies.
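
Because build.gradle is normally committed to source control, a token pasted into fnciAuthToken is readable by anyone with access to the repository. One way to keep it out of the file, as an added example that is not from the Code Insight documentation; the names CODE_INSIGHT_TOKEN and codeInsightToken are assumptions chosen here:

```groovy
// Added example: CODE_INSIGHT_TOKEN and codeInsightToken are hypothetical names.
apply plugin: 'code-insight-scan-plugin'

// Look the token up outside the repository: first an environment variable
// (typical for CI), then a project property, which Gradle also reads from
// gradle.properties in the Gradle user home (~/.gradle by default).
def rawToken = (System.getenv('CODE_INSIGHT_TOKEN') ?: findProperty('codeInsightToken'))
        ?.toString()?.trim()

// Fail early, but only when the scan task was actually requested, so that
// ordinary builds on machines without a token keep working.
def scanRequested = gradle.startParameter.taskNames.any { it.endsWith('code-insight-scan') }
if (scanRequested && !rawToken) {
    throw new GradleException(
        'Code Insight token missing: set CODE_INSIGHT_TOKEN or the codeInsightToken property')
}

// The setting must begin with "Bearer"; add it if the stored secret is the bare JWT.
def bearerToken = ''
if (rawToken) {
    bearerToken = rawToken.startsWith('Bearer ') ? rawToken : "Bearer ${rawToken}".toString()
}

scanSettings {
    fnciServer = "<SERVER_URL>"
    fnciAuthToken = bearerToken          // never a literal in this file
    fnciProjectName = "<CODE_INSIGHT_PROJECT_NAME>"
    alias = "<SCAN-AGENT_ALIAS>"
    pluginRootPath = "<PLUGIN_ROOT_PATH>"
    pluginProjectName = "<APPLICATION_PROJECT_TO_SCAN>"
}
```

In CI, supply CODE_INSIGHT_TOKEN from the pipeline's secret store rather than as a -P command-line argument, which can show up in process listings and build logs.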

Important Note About Scanning Dependencies

Previous versions (1.x) of the Gradle scan-agent plugin scanned both the dependencies section and the project build directory of the Gradle project. The current plugin version (2.x), introduced in Code Insight 2020 R3, scans only the project build directory. Refer to the Gradle documentation for instructions on how to include dependencies as part of the build directory. An example task for including dependencies might be:

    task copyToLib(type: Copy) {
        into "$buildDir/output/lib"
        from configurations.runtime
    }

For this task, use the following command to run the scan agent from the Gradle application project:

gradle build copyToLib code-insight-scan