feat: support verbose gradle graphs for sbom generation

snyk · Nov 20, 2024 · aed0e73 · aed0e73
1 parent 296b51a
commit aed0e73
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 10 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -118,7 +118,7 @@
     "snyk-cpp-plugin": "2.24.0",
     "snyk-docker-plugin": "6.13.15",
     "snyk-go-plugin": "1.23.0",
-    "snyk-gradle-plugin": "4.6.0",
+    "snyk-gradle-plugin": "4.7.0",
     "snyk-module": "3.1.0",
     "snyk-mvn-plugin": "3.6.0",
     "snyk-nodejs-lockfile-parser": "1.58.10",

diff --git a/test/fixtures/gradle-with-repeated-deps/build.gradle b/test/fixtures/gradle-with-repeated-deps/build.gradle
@@ -0,0 +1,13 @@
+plugins {
+  id 'java'
+}
+
+repositories {
+  mavenCentral()
+}
+
+dependencies {
+   implementation 'org.apache.ignite:ignite-spring:2.13.0'
+   implementation 'org.apache.ignite:ignite-indexing:2.13.0'
+   implementation 'org.apache.ignite:ignite-core:2.13.0'
+}
diff --git a/test/fixtures/gradle-with-repeated-deps/lib/build.gradle b/test/fixtures/gradle-with-repeated-deps/lib/build.gradle
@@ -0,0 +1,16 @@
+plugins {
+    id 'java-library'
+}
+
+group = 'com.example'
+version = '1.0'
+
+repositories {
+  mavenCentral()
+}
+
+dependencies {
+   implementation 'org.apache.ignite:ignite-spring:2.13.0'
+   implementation 'org.apache.ignite:ignite-indexing:2.13.0'
+   implementation 'org.apache.ignite:ignite-core:2.13.0'
+}
diff --git a/test/jest/acceptance/snyk-test/print-graph.spec.ts b/test/jest/acceptance/snyk-test/print-graph.spec.ts
@@ -1,4 +1,7 @@
-import { createProjectFromWorkspace } from '../../util/createProject';
+import {
+  createProjectFromFixture,
+  createProjectFromWorkspace,
+} from '../../util/createProject';
 import { runSnykCLI } from '../../util/runSnykCLI';
 
 jest.setTimeout(1000 * 60);
@@ -16,7 +19,7 @@ describe('print graph', () => {
     expect(stdout).toMatch('DepGraph target:\npackage-lock.json');
   });
 
-  test('`snyk test --print-graph` should not prune dependencies', async () => {
+  test('`snyk test --print-graph` should not prune maven dependencies', async () => {
     const project = await createProjectFromWorkspace('maven-many-paths');
 
     const { code, stdout } = await runSnykCLI('test --print-graph', {
@@ -34,6 +37,24 @@ describe('print graph', () => {
     expect(numEdges).toEqual(7);
   });
 
+  test('`snyk test --print-graph` should not prune gradle dependencies', async () => {
+    const project = await createProjectFromFixture('gradle-with-repeated-deps');
+
+    const { code, stdout } = await runSnykCLI('test --print-graph', {
+      cwd: project.path(),
+    });
+
+    expect(code).toEqual(0);
+    const depGraph = JSON.parse(
+      stdout.split('DepGraph data:')[1]?.split('DepGraph target:')[0],
+    );
+    let numEdges = 0;
+    for (const node of depGraph.graph.nodes) {
+      numEdges += node.deps.length;
+    }
+    expect(numEdges).toEqual(28);
+  });
+
   test('`snyk test --print-graph --all-projects` should not prune dependencies', async () => {
     const project = await createProjectFromWorkspace('maven-many-paths');