Gradle Plugin

The Vulnlog Gradle plugin integrates Vulnlog commands into your Gradle build.

Installation

Apply the plugin in your build.gradle.kts:

plugins {
    id("dev.vulnlog") version "0.12.0"
}

Configuration

The plugin is configured via the vulnlog extension block. The top-level files property is shared across tasks; per-task settings live in nested blocks documented under each task.

vulnlog {
    files.from("vulnlog.yaml", "other.vl.yaml")
}

| Property | Description |
|---|---|
| files | File collection of Vulnlog YAML files to operate on. Used by all tasks except vulnlogInit. |

Tasks

All tasks are registered in the vulnlog task group.

vulnlogInit

Scaffolds a minimal Vulnlog file. See vulnlog init for the generated structure.

vulnlogInit is configured via project properties (-P) since it is a one-shot bootstrapping command.

| Property | Required | Description |
|---|---|---|
| vulnlog.organization | Yes | Organization name for the Vulnlog project. |
| vulnlog.name | Yes | Project name. |
| vulnlog.author | Yes | Author name. |
| vulnlog.output | Yes | Output file path, relative to the project directory. |

Example
./gradlew vulnlogInit \
  -Pvulnlog.organization="Acme Corp" \
  -Pvulnlog.name="Widget" \
  -Pvulnlog.author="Alice" \
  -Pvulnlog.output=vulnlog.yaml

vulnlogValidate

Validates the configured Vulnlog files. See vulnlog validate for validation rules.

vulnlog {
    validate {
        strict = true  // optional
    }
}

| Property | Default | Description |
|---|---|---|
| strict | false | Treats warnings as errors and fails the build. |

The task uses Gradle’s up-to-date checking via @InputFiles and @Input, so it is skipped when neither the files nor strict have changed.

Example
./gradlew vulnlogValidate

vulnlogSuppress

Generates suppression files for downstream scanners. See vulnlog suppress for supported reporters.

vulnlog {
    suppress {
        outputDir = layout.projectDirectory.dir("suppressions")  // optional
        reporter = "trivy"                                       // optional
        release = "1.0.0"                                        // optional
        tags = setOf("frontend")                                 // optional
    }
}

| Property | Default | Description |
|---|---|---|
| outputDir | build/vulnlog/suppressions/ | Directory where suppression files are written. |
| reporter | All reporters | Filter on reporter. |
| release | All releases | Filter on release; includes all releases up to and including that release. |
| tags | All tags | Filter on tags. |

Example
./gradlew vulnlogSuppress
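
The following build.gradle.kts is an added example, not taken from the Vulnlog documentation: it wires the tasks described above into Gradle's standard lifecycle so that strict validation gates `check` and suppression files are only generated after the Vulnlog files have passed validation. It assumes the `base` plugin supplies the `check` task (any plugin that applies it, such as `java`, works the same way) and reuses the file name and filter values from the snippets on this page.

```kotlin
plugins {
    // Assumption: `base` is applied here only to provide the `check` lifecycle task.
    base
    id("dev.vulnlog") version "0.12.0"
}

vulnlog {
    // Shared input for every task except vulnlogInit.
    files.from("vulnlog.yaml")

    validate {
        // Warnings fail the build, so an inconsistent Vulnlog file
        // cannot reach the suppression step unnoticed.
        strict = true
    }

    suppress {
        // Only emit suppressions for the scanner actually run in this pipeline,
        // limited to entries up to and including this release.
        reporter = "trivy"
        release = "1.0.0"
    }
}

// Make validation part of the normal verification lifecycle:
// `./gradlew check` (and therefore `./gradlew build`) now runs vulnlogValidate.
tasks.named("check") {
    dependsOn("vulnlogValidate")
}

// Suppression files silence scanner findings, so generate them only from
// files that have passed validation in the same invocation.
tasks.named("vulnlogSuppress") {
    dependsOn("vulnlogValidate")
}
```

Because vulnlogValidate takes part in up-to-date checking, the extra dependency costs nothing on builds where neither the files nor strict have changed.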

vulnlogReport

Generates an HTML report from the configured Vulnlog file. See vulnlog report for details.

vulnlog {
    report {
        outputFile.set(layout.buildDirectory.file("vulnlog/vulnlog-report.html"))  // optional
        reporter = "trivy"                                                         // optional
        release = "1.0.0"                                                          // optional
        tags = setOf("frontend")                                                   // optional
    }
}

| Property | Default | Description |
|---|---|---|
| outputFile | build/vulnlog/vulnlog-report.html | File where the HTML report is written. |
| reporter | All reporters | Filter on reporter. |
| release | All releases | Filter on release; includes all releases up to and including that release. |
| tags | All tags | Filter on tags. |

Example
./gradlew vulnlogReport