- Looking for our JavaScript/TypeScript API? Try Crda JavaScript API.
- Looking for our Backend implementation? Try Crda Backend.
The Crda Java API module is deployed to GitHub Package Registry.
Configure Registry Access
Create a token with the read:packages scope.
Based on GitHub documentation, in Actions you can use GITHUB_TOKEN.

- Maven users
  - Encrypt your token
    ```shell
    $ mvn --encrypt-password your-ghp-token-goes-here

    encrypted-token-will-appear-here
    ```
  - Add a server definition in your $HOME/.m2/settings.xml
    ```xml
    <servers>
        ...
        <server>
            <id>github</id>
            <username>github-userid-goes-here</username>
            <password>encrypted-token-goes-here-including-curly-brackets</password>
        </server>
        ...
    </servers>
    ```
- Gradle users, save your token and username as environment variables
  - GITHUB_USERNAME
  - GITHUB_TOKEN
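A check for the Maven step above: it confirms that the `github` server entry in a `settings.xml` holds an encrypted (curly-bracket) value and not a raw token. This is an added example, not part of the Crda project; the function name `classify_server_password`, the category labels and the sample XML are constructed for illustration, and it assumes Maven's `{...}` wrapper for encrypted values and `${...}` for property interpolation.

```python
import re
import xml.etree.ElementTree as ET

# Maven-encrypted values are wrapped as {base64}; "${...}" is property interpolation instead.
ENCRYPTED = re.compile(r"(?<!\$)\{[A-Za-z0-9+/=]+\}")
INTERPOLATED = re.compile(r"\$\{[^}]+\}")


def local(tag):
    """Drop the XML namespace that settings.xml files usually declare."""
    return tag.rsplit("}", 1)[-1]


def classify_server_password(settings_xml, server_id="github"):
    """Return 'encrypted', 'interpolated', 'plaintext', 'no-password' or 'no-server'."""
    root = ET.fromstring(settings_xml)
    for server in root.iter():
        if local(server.tag) != "server":
            continue
        fields = {local(child.tag): (child.text or "").strip() for child in server}
        if fields.get("id") != server_id:
            continue
        password = fields.get("password", "")
        if not password:
            return "no-password"
        if ENCRYPTED.search(password):
            return "encrypted"
        if INTERPOLATED.fullmatch(password):
            return "interpolated"
        return "plaintext"  # a raw token is sitting in the file
    return "no-server"


# Constructed sample input; the username, token and ciphertext values are made up.
TEMPLATE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server>
      <id>github</id>
      <username>octo-user</username>
      <password>%s</password>
    </server>
  </servers>
</settings>"""

if __name__ == "__main__":
    for value in ("{Q0xPU0VEIFNBTVBMRQ==}", "${env.GITHUB_TOKEN}", "ghp_constructedExampleToken"):
        print(value, "->", classify_server_password(TEMPLATE % value))
```

To audit a real file, pass the contents of `$HOME/.m2/settings.xml` to the function and treat a `plaintext` result as a finding.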
Usage
- Configure Registry
  - Maven users, add a repository definition in pom.xml
    ```xml
    <repositories>
        ...
        <repository>
            <id>github</id>
            <url>https://maven.pkg.github.com/RHEcosystemAppEng/crda-java-api</url>
        </repository>
        ...
    </repositories>
    ```
  - Gradle users, add a maven-type repository definition in build.gradle
    ```groovy
    repositories {
        ...
        maven {
            url 'https://maven.pkg.github.com/RHEcosystemAppEng/crda-java-api'
            credentials {
                username System.getenv("GITHUB_USERNAME")
                password System.getenv("GITHUB_TOKEN")
            }
        }
        ...
    }
    ```
- Declare the dependency
  - Maven users, add a dependency in pom.xml
    ```xml
    <dependency>
        <groupId>com.redhat.crda</groupId>
        <artifactId>crda-java-api</artifactId>
        <version>${crda-java-api.version}</version>
    </dependency>
    ```
  - Gradle users, add a dependency in build.gradle
    ```groovy
    implementation 'com.redhat.crda:crda-java-api:${crda-java-api.version}'
    ```
- If working with modules, configure module read
  ```java
  module x { // module-info.java
      requires com.redhat.crda;
  }
  ```
- Code example
  ```java
  import com.redhat.crda.impl.CrdaApi;
  import com.redhat.crda.backend.AnalysisReport;
  import java.nio.file.Files;
  import java.nio.file.Paths;
  import java.util.concurrent.CompletableFuture;

  public class CrdaExample {
      public static void main(String... args) throws Exception {
          // instantiate the Crda API implementation
          var crdaApi = new CrdaApi();

          // get a byte array future holding an HTML Stack Analysis report
          CompletableFuture<byte[]> htmlStackReport = crdaApi.stackAnalysisHtml("/path/to/pom.xml");

          // get an AnalysisReport future holding a deserialized Stack Analysis report
          CompletableFuture<AnalysisReport> stackReport = crdaApi.stackAnalysis("/path/to/pom.xml");

          // get an AnalysisReport future holding a deserialized Component Analysis report
          var manifestContent = Files.readAllBytes(Paths.get("/path/to/pom.xml"));
          CompletableFuture<AnalysisReport> componentReport = crdaApi.componentAnalysis("pom.xml", manifestContent);
      }
  }
  ```
Supported Ecosystems
Excluding Packages
Excluding a package from any analysis can be achieved by marking the package for exclusion.
- Java Maven users can add a comment in pom.xml
  ```xml
  <dependency> <!--crdaignore-->
      <groupId>...</groupId>
      <artifactId>...</artifactId>
      <version>...</version>
  </dependency>
  ```
Customization
There are 2 approaches for customizing Crda Java API: using Environment Variables or Java Properties:
```java
System.setProperty("CRDA_SNYK_TOKEN", "my-private-snyk-token");
System.setProperty("CRDA_MVN_PATH", "/path/to/custom/mvn");
```
Environment variables take precedence.
Customizing Tokens
To include extra vulnerability data and resolutions that are otherwise only available to vendor-registered users, you can use the following keys to set the various vendor tokens.
| Vendor | Token Key |
|---|---|
| Snyk | CRDA_SNYK_TOKEN |
Customizing Executables
This project uses each ecosystem's executable for creating dependency trees. These executables are expected to be present on the system's PATH. If they are not, or if you want to use custom ones, you can use the following keys to set custom paths for these executables.
| Ecosystem | Default | Executable Key |
|---|---|---|
| Maven | mvn | CRDA_MVN_PATH |