From a6a81d6c4411a6d49020191923f217ff145ac9ae Mon Sep 17 00:00:00 2001
From: Sergio del Amo <sergio.delamo@softamo.com>
Date: Mon, 23 Dec 2024 12:10:13 +0100
Subject: [PATCH] Sonatype Scan Gradle Plugin

https://github.com/sonatype-nexus-community/scan-gradle-plugin
---
 buildSrc/build.gradle                               |  1 +
 ...o.micronaut.build.internal.servlet.module.gradle | 13 +++++++++++++
 gradle/libs.versions.toml                           |  5 +++--
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
index 6b8830f38..737d00044 100644
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@@ -10,4 +10,5 @@ repositories {
 dependencies {
     implementation libs.gradle.micronaut
     implementation libs.gradle.kotlin
+    implementation(libs.sonatype.scan)
 }
diff --git a/buildSrc/src/main/groovy/io.micronaut.build.internal.servlet.module.gradle b/buildSrc/src/main/groovy/io.micronaut.build.internal.servlet.module.gradle
index 0d6ccd22d..f67602237 100644
--- a/buildSrc/src/main/groovy/io.micronaut.build.internal.servlet.module.gradle
+++ b/buildSrc/src/main/groovy/io.micronaut.build.internal.servlet.module.gradle
@@ -1,4 +1,17 @@
 plugins {
     id 'io.micronaut.build.internal.servlet.base'
     id 'io.micronaut.build.internal.module'
+    id("org.sonatype.gradle.plugins.scan")
+}
+String ossIndexUsername = System.getenv("OSS_INDEX_USERNAME") ?: project.properties["ossIndexUsername"]
+String ossIndexPassword = System.getenv("OSS_INDEX_PASSWORD") ?: project.properties["ossIndexPassword"]
+boolean sonatypePluginConfigured = ossIndexUsername != null && ossIndexPassword != null
+if (sonatypePluginConfigured) {
+ossIndexAudit {
+    username = ossIndexUsername
+    password = ossIndexPassword
+    excludeCoordinates = [
+            "io.undertow:undertow-core:2.3.18.Final" // no patched version https://ossindex.sonatype.org/component/pkg:maven/io.undertow/undertow-core
+    ]
+}
 }
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 6de1e71a6..1beaa90e0 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -21,7 +21,7 @@ micronaut-session = "4.5.0"
 micronaut-validation = "4.8.0"
 google-cloud-functions = '1.1.0'
 micronaut-logging = "1.5.0"
-
+sonatype-scan = "2.8.3"
 # Micronaut
 micronaut-gradle-plugin = "4.4.4"
 kotlin = "1.9.25"
@@ -55,8 +55,9 @@ jetty-alpn-server = { module = 'org.eclipse.jetty:jetty-alpn-server', version.re
 jetty-alpn-conscrypt-server = { module = 'org.eclipse.jetty:jetty-alpn-conscrypt-server', version.ref = 'managed-jetty' }
 kotest-runner = { module = 'io.kotest:kotest-runner-junit5', version.ref = 'kotest-runner' }
 bcpkix = { module = "org.bouncycastle:bcpkix-jdk15on", version.ref = "bcpkix" }
-
 google-cloud-functions = { module = 'com.google.cloud.functions:functions-framework-api', version.ref = 'google-cloud-functions' }
+sonatype-scan = { module = "org.sonatype.gradle.plugins:scan-gradle-plugin", version.ref = "sonatype-scan" }
+
 # Gradle
 gradle-micronaut = { module = "io.micronaut.gradle:micronaut-gradle-plugin", version.ref = "micronaut-gradle-plugin" }
 gradle-kotlin = { module = "org.jetbrains.kotlin:kotlin-gradle-plugin", version.ref = "kotlin" }