oss-review-toolkit
diff --git a/‎.github/workflows/build-and-test.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/build-and-test.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/scorecard-analysis.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/scorecard-analysis.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/static-analysis.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/static-analysis.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎analyzer/src/main/kotlin/PackageManager.kt‎
Lines changed: 2 additions & 3 deletions b/‎analyzer/src/main/kotlin/PackageManager.kt‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎gradle/libs.versions.toml‎
Lines changed: 4 additions & 4 deletions b/‎gradle/libs.versions.toml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎model/src/main/kotlin/Issue.kt‎
Lines changed: 12 additions & 0 deletions b/‎model/src/main/kotlin/Issue.kt‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎plugins/advisors/black-duck/src/main/kotlin/BlackDuck.kt‎
Lines changed: 8 additions & 19 deletions b/‎plugins/advisors/black-duck/src/main/kotlin/BlackDuck.kt‎
Lines changed: 8 additions & 19 deletions
diff --git a/‎plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt‎
Lines changed: 1 addition & 5 deletions b/‎plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt‎
Lines changed: 1 addition & 5 deletions
diff --git a/‎plugins/package-managers/bazel/src/main/kotlin/Bazel.kt‎
Lines changed: 1 addition & 4 deletions b/‎plugins/package-managers/bazel/src/main/kotlin/Bazel.kt‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎plugins/package-managers/bundler/src/main/kotlin/Bundler.kt‎
Lines changed: 2 additions & 3 deletions b/‎plugins/package-managers/bundler/src/main/kotlin/Bundler.kt‎
Lines changed: 2 additions & 3 deletions
@@ -41,15 +41,15 @@ jobs:
     - name: Checkout Repository
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
+      uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3
       with:
         languages: java
     - name: Setup Gradle
       uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4
     - name: Build all classes
       run: ./gradlew -Dorg.gradle.jvmargs=-Xmx1g --no-build-cache classes
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
+      uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3
   test:
     strategy:
       matrix:
 
@@ -30,6 +30,6 @@ jobs:
           results_format: sarif
           publish_results: true
       - name: Upload Code Scanning Results
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
+        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3
         with:
           sarif_file: ossf-results.sarif
@@ -70,7 +70,7 @@ jobs:
     - name: Check for Detekt Issues
       run: ./gradlew detektAll
     - name: Upload SARIF File
-      uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
+      uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3
       if: always() # Upload even if the previous step failed.
       with:
         sarif_file: build/reports/detekt/merged.sarif
@@ -113,7 +113,7 @@ jobs:
         post-pr-comment: false
         use-caches: false
     - name: Upload Code Scanning Results
-      uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
+      uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3
       with:
         sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json
   reuse-tool:
 
@@ -312,9 +312,8 @@ abstract class PackageManager(val projectType: String) : Plugin {
 
                     val issues = listOf(
                         createAndLogIssue(
-                            source = descriptor.displayName,
-                            message = "${descriptor.displayName} failed to resolve dependencies for path " +
-                                "'$relativePath': ${it.collectMessages()}"
+                            "${descriptor.displayName} failed to resolve dependencies for path '$relativePath': " +
+                                it.collectMessages()
                         )
                     )
 
 
@@ -1,9 +1,9 @@
 [versions]
-dependencyAnalysisPlugin = "2.10.1"
+dependencyAnalysisPlugin = "2.11.0"
 detektPlugin = "1.23.8"
 dokkatooPlugin = "2.4.0"
 downloadPlugin = "5.6.0"
-gitSemverPlugin = "0.15.0"
+gitSemverPlugin = "0.16.0"
 graalVmNativeImagePlugin = "0.10.5"
 ideaExtPlugin = "1.1.10"
 jakartaMigrationPlugin = "0.24.0"
@@ -13,7 +13,7 @@ mavenPublishPlugin = "0.31.0"
 reproducibleBuildsPlugin = "1.0"
 versionsPlugin = "0.52.0"
 
-aeSecurity = "0.135.6"
+aeSecurity = "0.135.7"
 asciidoctorj = "3.0.0"
 asciidoctorjPdf = "2.3.19"
 blackduckCommon = "67.0.5"
@@ -59,7 +59,7 @@ postgres = "42.7.5"
 postgresEmbedded = "1.1.0"
 reflections = "0.10.2"
 retrofit = "2.11.0"
-s3 = "2.30.31"
+s3 = "2.30.36"
 saxonHe = "12.5"
 scanoss = "0.10.1"
 semver4j = "5.6.0"
 
@@ -29,6 +29,8 @@ import java.time.Instant
 
 import org.apache.logging.log4j.kotlin.logger
 
+import org.ossreviewtoolkit.plugins.api.Plugin
+import org.ossreviewtoolkit.plugins.api.PluginDescriptor
 import org.ossreviewtoolkit.utils.common.normalizeLineBreaks
 
 /**
@@ -88,3 +90,13 @@ inline fun <reified T : Any> T.createAndLogIssue(
     logger.log(issue.severity.toLog4jLevel()) { message }
     return issue
 }
+
+/**
+ * Create an [Issue] and log the message. The log level is aligned with the [severity]. The [source][Issue.source] is
+ * set to the [display name][PluginDescriptor.displayName] of the plugin.
+ */
+inline fun <reified T : Plugin> T.createAndLogIssue(
+    message: String,
+    severity: Severity? = null,
+    affectedPath: String? = null
+) = createAndLogIssue(descriptor.displayName, message, severity, affectedPath)
@@ -120,8 +120,7 @@ class BlackDuck(
             pkg.blackDuckOriginId?.let { BlackDuckOriginId.parse(it).toExternalId() }
         }.getOrElse {
             issues += createAndLogIssue(
-                source = descriptor.displayName,
-                message = "Could not parse origin-id '${pkg.blackDuckOriginId}' for '${pkg.id.toCoordinates()}: " +
+                "Could not parse origin-id '${pkg.blackDuckOriginId}' for '${pkg.id.toCoordinates()}: " +
                     it.collectMessages()
             )
             return emptyList()
@@ -132,19 +131,15 @@ class BlackDuck(
                 blackDuckApi.searchKbComponentsByExternalId(externalId)
             }.getOrElse {
                 issues += createAndLogIssue(
-                    source = descriptor.displayName,
-                    message = "Requesting origins for externalId '$externalId' failed: ${it.collectMessages()}"
+                    "Requesting origins for externalId '$externalId' failed: ${it.collectMessages()}"
                 )
                 return emptyList()
             }
         } else {
             runCatching {
                 blackDuckApi.searchKbComponentsByPurl(pkg.purl)
             }.getOrElse {
-                issues += createAndLogIssue(
-                    source = descriptor.displayName,
-                    message = "Requesting origins for purl ${pkg.purl} failed: ${it.collectMessages()}"
-                )
+                issues += createAndLogIssue("Requesting origins for purl ${pkg.purl} failed: ${it.collectMessages()}")
                 return emptyList()
             }
         }
@@ -153,10 +148,7 @@ class BlackDuck(
             runCatching {
                 blackDuckApi.getOriginView(searchResult)
             }.onFailure {
-                issues += createAndLogIssue(
-                    source = descriptor.displayName,
-                    message = "Requesting origin details failed: ${it.collectMessages()}"
-                )
+                issues += createAndLogIssue("Requesting origin details failed: ${it.collectMessages()}")
             }.getOrNull()
         }
 
@@ -171,10 +163,9 @@ class BlackDuck(
 
         if (externalId != null && origins.isEmpty()) {
             issues += createAndLogIssue(
-                source = descriptor.displayName,
-                message = "The origin-id '${pkg.blackDuckOriginId} of package ${pkg.id.toCoordinates()} does not " +
-                    "match any origin.",
-                severity = Severity.WARNING
+                "The origin-id '${pkg.blackDuckOriginId} of package ${pkg.id.toCoordinates()} does not match any " +
+                    "origin.",
+                Severity.WARNING
             )
         }
 
@@ -192,9 +183,7 @@ class BlackDuck(
                 logger.info { "Found ${it.size} vulnerabilities for origin ${origin.identifier}." }
             }.onFailure {
                 issues += createAndLogIssue(
-                    source = descriptor.displayName,
-                    message = "Requesting vulnerabilities for origin ${origin.identifier} failed: " +
-                        it.collectMessages()
+                    "Requesting vulnerabilities for origin ${origin.identifier} failed: ${it.collectMessages()}"
                 )
             }.getOrDefault(emptyList())
         }
 
@@ -154,11 +154,7 @@ class VulnerableCode(
                 VulnerabilityReference(sourceUri, it.scoringSystem, severity, score, vector)
             }
         }.onFailure {
-            issues += createAndLogIssue(
-                descriptor.displayName,
-                "Failed to map $this to ORT model due to $it.",
-                Severity.HINT
-            )
+            issues += createAndLogIssue("Failed to map $this to ORT model due to $it.", Severity.HINT)
         }.getOrElse { emptyList() }
 
     /**
 
@@ -152,10 +152,7 @@ class Bazel(override val descriptor: PluginDescriptor = BazelFactory.descriptor)
 
             getPackages(scopes, registry, localPathOverrides, archiveOverrides, projectVcs)
         } else {
-            issues += createAndLogIssue(
-                descriptor.displayName,
-                "Bazel registry URL cannot be determined from the lockfile."
-            )
+            issues += createAndLogIssue("Bazel registry URL cannot be determined from the lockfile.")
             emptySet()
         }
 
 
@@ -299,9 +299,8 @@ class Bundler(
             it.showStackTrace()
 
             issues += createAndLogIssue(
-                source = descriptor.displayName,
-                message = "Failed to parse dependency '$gemName' of project '${projectId.toCoordinates()}' in " +
-                    "'$workingDir': ${it.collectMessages()}"
+                "Failed to parse dependency '$gemName' of project '${projectId.toCoordinates()}' in '$workingDir': " +
+                    it.collectMessages()
             )
         }
     }
Original file line number	Diff line number	Diff line change
`@@ -312,9 +312,8 @@ abstract class PackageManager(val projectType: String) : Plugin {`
`312`	`312`
`313`	`313`	`val issues = listOf(`
`314`	`314`	`createAndLogIssue(`
`315`		`- source = descriptor.displayName,`
`316`		`- message = "${descriptor.displayName} failed to resolve dependencies for path " +`
`317`		`- "'$relativePath': ${it.collectMessages()}"`
	`315`	`+ "${descriptor.displayName} failed to resolve dependencies for path '$relativePath': " +`
	`316`	`+ it.collectMessages()`
`318`	`317`	`)`
`319`	`318`	`)`
`320`	`319`
Original file line number	Diff line number	Diff line change
`@@ -299,9 +299,8 @@ class Bundler(`
`299`	`299`	`it.showStackTrace()`
`300`	`300`
`301`	`301`	`issues += createAndLogIssue(`
`302`		`- source = descriptor.displayName,`
`303`		`- message = "Failed to parse dependency '$gemName' of project '${projectId.toCoordinates()}' in " +`
`304`		`- "'$workingDir': ${it.collectMessages()}"`
	`302`	`+ "Failed to parse dependency '$gemName' of project '${projectId.toCoordinates()}' in '$workingDir': " +`
	`303`	`+ it.collectMessages()`
`305`	`304`	`)`
`306`	`305`	`}`
`307`	`306`	`}`