From 35f25df5d7a87901c7135e4e94ca407b4f77093d Mon Sep 17 00:00:00 2001
From: Patrick Mirwald <mirwald@liftric.com>
Date: Thu, 1 Feb 2024 13:43:03 +0100
Subject: [PATCH 1/5] chore(RiskScoreTask): remove project analyzing

---
 .../com/liftric/dtcp/tasks/RiskScoreTask.kt   | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/main/kotlin/com/liftric/dtcp/tasks/RiskScoreTask.kt b/src/main/kotlin/com/liftric/dtcp/tasks/RiskScoreTask.kt
index 18ce825..2e0c6d2 100644
--- a/src/main/kotlin/com/liftric/dtcp/tasks/RiskScoreTask.kt
+++ b/src/main/kotlin/com/liftric/dtcp/tasks/RiskScoreTask.kt
@@ -11,7 +11,6 @@ import org.gradle.api.tasks.TaskAction
 import org.gradle.api.tasks.Input
 import org.gradle.api.tasks.Nested
 import org.gradle.api.tasks.Optional
-import kotlin.time.Duration
 import kotlin.time.ExperimentalTime
 
 abstract class RiskScoreTask : DefaultTask() {
@@ -42,18 +41,18 @@ abstract class RiskScoreTask : DefaultTask() {
     fun riskScoreTask() {
         val apiKeyValue = apiKey.get()
         val urlValue = url.get()
+        val projectUUIDValue = projectUUID.orNull
+        val projectNameValue = projectName.orNull
+        val projectVersionValue = projectVersion.orNull
         val riskScoreValue = riskScore.orNull
+
         if (riskScoreValue == null) {
             logger.info("Skipping risk score calculation")
             return
         }
 
-        val projectUUIDValue = projectUUID.orNull
-        val projectNameValue = projectName.orNull
-        val projectVersionValue = projectVersion.orNull
-
         val maxRiskScore = riskScoreValue.maxRiskScore.orNull
-        val timeout = riskScoreValue.timeout.getOrElse(Duration.ZERO)
+        val timeout = riskScoreValue.timeout.orNull
 
         val dt = DependencyTrack(apiKeyValue, urlValue)
 
@@ -67,10 +66,11 @@ abstract class RiskScoreTask : DefaultTask() {
             else -> throw GradleException("Either projectUUID or projectName and projectVersion must be set")
         }
 
-        dt.analyzeProjectFindings(uuid)
-        logger.info("Reanalyse triggered, waiting $timeout for analysis to finish")
-        runBlocking {
-            delay(timeout)
+        if (timeout != null) {
+            runBlocking {
+                logger.info("waiting $timeout before getting risk score")
+                delay(timeout)
+            }
         }
 
         val updatedProject = dt.getProject(uuid)

From af22e3b8dde0e722df62e8a4bbffb077c88fa1be Mon Sep 17 00:00:00 2001
From: Patrick Mirwald <mirwald@liftric.com>
Date: Thu, 1 Feb 2024 13:43:36 +0100
Subject: [PATCH 2/5] feat(tasks): add AnalyzeProjectTask

---
 .../liftric/dtcp/tasks/AnalyzeProjectTask.kt  | 53 +++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 src/main/kotlin/com/liftric/dtcp/tasks/AnalyzeProjectTask.kt

diff --git a/src/main/kotlin/com/liftric/dtcp/tasks/AnalyzeProjectTask.kt b/src/main/kotlin/com/liftric/dtcp/tasks/AnalyzeProjectTask.kt
new file mode 100644
index 0000000..a00f36a
--- /dev/null
+++ b/src/main/kotlin/com/liftric/dtcp/tasks/AnalyzeProjectTask.kt
@@ -0,0 +1,53 @@
+package com.liftric.dtcp.tasks
+
+import com.liftric.dtcp.service.DependencyTrack
+import org.gradle.api.DefaultTask
+import org.gradle.api.GradleException
+import org.gradle.api.provider.Property
+import org.gradle.api.tasks.TaskAction
+import org.gradle.api.tasks.Input
+import org.gradle.api.tasks.Optional
+
+abstract class AnalyzeProjectTask : DefaultTask() {
+    @get:Input
+    abstract val apiKey: Property<String>
+
+    @get:Input
+    abstract val url: Property<String>
+
+    @get:Input
+    @get:Optional
+    abstract val projectUUID: Property<String>
+
+    @get:Input
+    @get:Optional
+    abstract val projectName: Property<String>
+
+    @get:Input
+    @get:Optional
+    abstract val projectVersion: Property<String>
+
+    @TaskAction
+    fun analyzeProjectTask() {
+        val apiKeyValue = apiKey.get()
+        val urlValue = url.get()
+
+        val projectUUIDValue = projectUUID.orNull
+        val projectNameValue = projectName.orNull
+        val projectVersionValue = projectVersion.orNull
+
+        val dt = DependencyTrack(apiKeyValue, urlValue)
+
+        val uuid = when {
+            projectUUIDValue != null -> projectUUIDValue
+            projectNameValue != null && projectVersionValue != null -> dt.getProject(
+                projectNameValue,
+                projectVersionValue
+            ).uuid
+
+            else -> throw GradleException("Either projectUUID or projectName and projectVersion must be set")
+        }
+
+        dt.analyzeProjectFindings(uuid)
+    }
+}

From aa8e8168728dd3e5b0a34a30cf59b20d20fded40 Mon Sep 17 00:00:00 2001
From: Patrick Mirwald <mirwald@liftric.com>
Date: Thu, 1 Feb 2024 13:44:49 +0100
Subject: [PATCH 3/5] feat(plugin): add analyzeProject task

---
 .../kotlin/com/liftric/dtcp/DepTrackCompanionPlugin.kt | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/main/kotlin/com/liftric/dtcp/DepTrackCompanionPlugin.kt b/src/main/kotlin/com/liftric/dtcp/DepTrackCompanionPlugin.kt
index cf248a5..e12e048 100644
--- a/src/main/kotlin/com/liftric/dtcp/DepTrackCompanionPlugin.kt
+++ b/src/main/kotlin/com/liftric/dtcp/DepTrackCompanionPlugin.kt
@@ -68,6 +68,16 @@ class DepTrackCompanionPlugin : Plugin<Project> {
             task.dependsOn(generateVex)
         }
 
+        val analyzeProject = project.tasks.register("analyzeProject", AnalyzeProjectTask::class.java) { task ->
+            task.group = taskGroup
+            task.description = "Triggers Vulnerability Analysis on a specific project\n"
+            task.apiKey.set(extension.apiKey)
+            task.url.set(extension.url)
+            task.projectUUID.set(extension.projectUUID)
+            task.projectName.set(extension.projectName)
+            task.projectVersion.set(extension.projectVersion)
+        }
+
         val riskScore = project.tasks.register("riskScore", RiskScoreTask::class.java) { task ->
             task.group = taskGroup
             task.description = "Get Risk Score"

From 77c07072292866d085f5089f4b75e1e4567dbd1c Mon Sep 17 00:00:00 2001
From: Patrick Mirwald <mirwald@liftric.com>
Date: Thu, 1 Feb 2024 13:45:13 +0100
Subject: [PATCH 4/5] chore(plugin): remove riskScore Task from
 runDepTrackWorkflow

---
 src/main/kotlin/com/liftric/dtcp/DepTrackCompanionPlugin.kt | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/main/kotlin/com/liftric/dtcp/DepTrackCompanionPlugin.kt b/src/main/kotlin/com/liftric/dtcp/DepTrackCompanionPlugin.kt
index e12e048..cb45f52 100644
--- a/src/main/kotlin/com/liftric/dtcp/DepTrackCompanionPlugin.kt
+++ b/src/main/kotlin/com/liftric/dtcp/DepTrackCompanionPlugin.kt
@@ -87,14 +87,13 @@ class DepTrackCompanionPlugin : Plugin<Project> {
             task.projectName.set(extension.projectName)
             task.projectVersion.set(extension.projectVersion)
             task.riskScore.set(extension.riskScoreData)
-            task.mustRunAfter(uploadVex)
         }
 
         project.tasks.register("runDepTrackWorkflow") { task ->
             task.group = taskGroup
             task.description =
-                "Runs uploadSbom, generateVex and uploadVex for CI/CD"
-            task.dependsOn(generateSbom, uploadSbom, generateVex, uploadVex, riskScore)
+                "Runs generateSbom, uploadSbom, generateVex, uploadVex for CI/CD integration"
+            task.dependsOn(generateSbom, uploadSbom, generateVex, uploadVex)
         }
 
         project.tasks.register("getOutdatedDependencies", GetOutdatedDependenciesTask::class.java) { task ->

From 298f46c846a83c6f122f3ffb4c704a7a520dc597 Mon Sep 17 00:00:00 2001
From: Patrick Mirwald <mirwald@liftric.com>
Date: Thu, 1 Feb 2024 13:49:04 +0100
Subject: [PATCH 5/5] chore(README): add analyzeProject instruction

---
 README.md | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 0584700..7383894 100644
--- a/README.md
+++ b/README.md
@@ -7,14 +7,15 @@ This plugin internally applies the [CycloneDX Gradle plugin](https://github.com/
 
 The plugin offers several tasks:
 
-- `runDepTrackWorkflow`: Runs `generateSbom`, `uploadSbom`, `generateVex`, `uploadVex` and `riskScore` tasks for CI/CD.
 - `generateSbom`: Generates the SBOM (Runs "cyclonedxBom" from [cyclonedx-gradle-plugin](https://github.com/CycloneDX/cyclonedx-gradle-plugin) under the hood)
 - `uploadSbom`: Uploads SBOM file.
 - `generateVex`: Generates VEX file.
 - `uploadVex`: Uploads VEX file.
+- `analyzeProject`: Triggers Vulnerability Analysis on a specific project
+- `riskScore`: Gets risk score. If the risk score is higher than the specified value, the task will fail.
 - `getOutdatedDependencies`: Gets outdated dependencies.
 - `getSuppressedVuln`: Gets suppressed vulnerabilities.
-- `riskScore`: Gets risk score. If the risk score is higher than the specified value, the task will fail.
+- `runDepTrackWorkflow`: Runs `generateSbom`, `uploadSbom`, `generateVex` and `uploadVex` tasks for CI/CD.
 
 ### Task Configuration
 
@@ -60,6 +61,14 @@ Each task requires certain inputs which are to be specified in your `build.gradl
    - `timeout`: *Optional* - If specified, the task will wait for the risk score to be calculated. Default: 0 seconds
    - `maxRiskScore`: *Optional* - If specified, the task will fail if the risk score is higher than the specified value.
 
+#### analyzeProject
+
+- `url`: Dependency Track API URL
+- `apiKey`: Dependency Track API KEY
+- `projectUUID`: *Optional* - You need to set UUID or projectName and projectVersion
+- `projectName`: *Optional* - You need to set UUID or projectName and projectVersion
+- `projectVersion`: *Optional* - You need to set UUID or projectName and projectVersion
+
 #### getOutdatedDependencies
 
 - `url`: Dependency Track API URL