dependency-check-gradle

Add @Option to Gradle tasks to enable command-line configuration

Open vlsi opened this issue 4 years ago • 5 comments

For instance:

./gradlew dependencyCheckAggregate --failBuildOnCVSS 8

I know failBuildOnCVSS could be specified in build.* files; however, it would be convenient if the tasks supported command-line options (see https://docs.gradle.org/current/userguide/custom_tasks.html#sec:declaring_and_using_command_line_options).

vlsi, Nov 16 '19 12:11

This looks like it would require a LOT of refactoring of the plugin, as the @Option attribute does not work with extensions. As recommended by the Gradle documentation, all of the configuration within the plugin is done using extensions.

jeremylong, Nov 24 '19 14:11

What if we keep the extensions as is, but add an extra @Option to the task itself?

I guess adjusting failBuildOnCVSS on the fly (e.g. for exploratory purposes) is quite a common use case.

vlsi, Nov 24 '19 14:11

Being able to configure the plugin from the command line is needed for various CI/CD purposes such as:

  • configure properties specific to the build server
  • configure properties needed for CI/CD pipeline

Requiring each repo using this plugin to configure the properties in the build.gradle is unmanageable and possibly not allowed (e.g., passwords).

tdillon, Nov 16 '22 15:11

Would using an init-script, such as described in odc/issues#4044, work?

jeremylong, Nov 20 '22 12:11

I think an init script could be used to override/configure the plugin.

Here is a simple example to override the report formats.

init.gradle

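// Runs after the root project's build script has been evaluated,
// so this assignment overrides the value set in build.gradle.
rootProject {
  afterEvaluate { project ->
    project.dependencyCheck.formats = ['JSON']
  }
}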

SonarQube's plugin configuration behavior is what we're used to. It is very handy to set properties from the command line using our CI/CD tool.

tdillon, Nov 23 '22 13:11
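
Added example (not part of the thread and not the plugin's own code): the init-script approach discussed above, extended so that a CI job can pass failBuildOnCVSS on the command line and the report formats through the environment. The property name `odcFailBuildOnCVSS`, the variable `ODC_FORMATS` and the file name `ci-init.gradle` are hypothetical; it assumes the plugin is applied to the root project under the id `org.owasp.dependencycheck` and that the extension accepts plain assignment, as in the snippet above.

```groovy
// ci-init.gradle (added example; property and variable names are hypothetical)
// Usage:
//   ./gradlew --init-script ci-init.gradle dependencyCheckAggregate -PodcFailBuildOnCVSS=8

rootProject {
  afterEvaluate { project ->
    // Leave builds that do not apply the plugin untouched.
    if (!project.plugins.hasPlugin('org.owasp.dependencycheck')) {
      return
    }

    // Threshold from -PodcFailBuildOnCVSS=<score>. It is validated so that a
    // typo fails the build instead of silently weakening the gate.
    def raw = project.findProperty('odcFailBuildOnCVSS')
    if (raw != null) {
      def text = raw.toString().trim()
      if (!text.isFloat()) {
        throw new org.gradle.api.GradleException(
            "odcFailBuildOnCVSS must be a number, got '${text}'")
      }
      float threshold = text.toFloat()
      // Written as a positive range check so that NaN is rejected as well.
      if (!(threshold >= 0 && threshold <= 10)) {
        throw new org.gradle.api.GradleException(
            "odcFailBuildOnCVSS must be between 0 and 10, got ${threshold}")
      }
      project.dependencyCheck.failBuildOnCVSS = threshold
      project.logger.lifecycle(
          "dependencyCheck.failBuildOnCVSS overridden to ${threshold}")
    }

    // Report formats from the build server environment, e.g. ODC_FORMATS=JSON,HTML
    def formats = System.getenv('ODC_FORMATS')
    if (formats) {
      project.dependencyCheck.formats =
          formats.split(',').collect { it.trim().toUpperCase() }.findAll { it }
    }
  }
}
```

Values that must not be committed to build.gradle can be read from the environment in the same way, which also keeps them out of the command line and the shell history.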