docs(ant): document Ivy-based provisioning for Ant plugin #8201
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds documentation for using Apache Ivy to provision the Dependency-Check Ant plugin as an alternative to manual JAR installation.
- Adds a new "Installation Using Apache Ivy" section with a build.xml example
- Provides an automated dependency management approach for the Ant plugin
- Aims to simplify setup and ensure version consistency across environments
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ant/src/site/markdown/index.md.vm
Outdated
| #[[ | ||
| ```xml | ||
| <project name="dependency-check-ivy" default="check" | ||
| xmlns:ivy="antlib:org.apache.ivy.ant"> | ||
|
|
||
| <!-- Load Ivy --> | ||
| <taskdef resource="org/apache/ivy/ant/antlib.xml"/> | ||
|
|
||
| <!-- Resolve Dependency-Check Ant dependencies --> | ||
| <ivy:settings/> | ||
| <ivy:retrieve pattern="lib/[artifact]-[revision].[ext]"/> | ||
|
|
||
| <!-- Register Dependency-Check Ant task --> | ||
| <taskdef | ||
| resource="dependency-check-taskdefs.properties"> | ||
| <classpath> | ||
| <fileset dir="lib"> | ||
| <include name="*.jar"/> | ||
| </fileset> | ||
| </classpath> | ||
| </taskdef> | ||
|
|
||
| <target name="check"> | ||
| <dependency-check | ||
| projectName="Example Project" | ||
| scanSet="src" | ||
| format="HTML"/> | ||
| </target> | ||
| </project> |
There was a problem hiding this comment.
The Ivy example is incomplete and will not work as provided. The ivy:retrieve task on line 55 requires an ivy.xml file to specify which dependencies to download, but this file is not mentioned or shown in the documentation.
Users following this example will encounter an error because:
- No
ivy.xmlfile exists to define the dependency-check-ant dependency - The Maven coordinates (groupId, artifactId, version) for dependency-check-ant are not specified
The documentation should either:
- Include a complete
ivy.xmlexample showing how to declare the dependency-check-ant dependency (e.g.,org.owasp:dependency-check-ant:${project.version}) - Explain that users need to create an
ivy.xmlfile with the appropriate dependency declaration - Show the complete Ivy setup including both the
build.xmlandivy.xmlfiles
ant/src/site/markdown/index.md.vm
Outdated
| scanSet="src" | ||
| format="HTML"/> |
There was a problem hiding this comment.
The scanSet attribute is used incorrectly. According to the Ant task API, scanSet is not a simple string attribute - it should be a nested element that defines a fileset or path to scan.
The correct usage should be something like:
<dependency-check projectName="Example Project" format="HTML">
<fileset dir="src">
<include name="**/*.jar"/>
</fileset>
</dependency-check>Or use the scanPath attribute if providing a path reference. The current example with scanSet="src" will likely result in an error or unexpected behavior.
| scanSet="src" | |
| format="HTML"/> | |
| format="HTML"> | |
| <fileset dir="src"> | |
| <include name="**/*.jar"/> | |
| </fileset> | |
| </dependency-check> |
jeremylong
left a comment
jeremylong
left a comment
There was a problem hiding this comment.
See copilot comments.
|
@Artuiro-23 Since you already added some Ivy documentation in #8202, is this still relevant? |
4 participants
This PR documents how to provision the Dependency-Check Ant plugin using Apache Ivy,
providing an alternative to the existing manual JAR installation.
It adds an Ivy-based build.xml example to the Ant documentation.
Fixes #7749