Updated documentation & build process

Author: rsenden

.classpath

@@ -13,3 +13,6 @@ rebel.xml
 .settings/
 bin/
 lombok.config
+.classpath
+.project
+*.fpr

.gitignore

@@ -1,5 +1,5 @@
 The MIT License (MIT)
-(c) Copyright 2017 EntIT Software LLC, a Micro Focus company
+(c) Copyright 2020 Micro Focus or one of its affiliates, a Micro Focus company
 
 Permission is hereby granted, free of charge, to any person obtaining a 
 copy of this software and associated documentation files (the 

.project

@@ -0,0 +1,136 @@
+# Fortify SSC Parser Plugin for OWASP Dependency Check
+
+This Fortify SSC parser plugin allows for importing scan results from OWASP Dependency Check.
+
+### <a name="related-links">Related Links</a>
+
+* **Downloads**:  
+  _Beta versions may be unstable or non-functional. The `*-licenseReport.zip` and `*-dependencySources.zip` files are for informational purposes only and do not need to be downloaded._
+	* **Release versions**: https://bintray.com/package/files/fortify-ps/binaries/fortify-ssc-parser-owasp-dependency-check-release?order=desc&sort=fileLastModified&basePath=&tab=files  
+	* **Beta versions**: https://bintray.com/package/files/fortify-ps/binaries/fortify-ssc-parser-owasp-dependency-check-beta?order=desc&sort=fileLastModified&basePath=&tab=files
+	* **Sample input files**: [sampleData](sampleData)
+* **GitHub**: https://github.com/fortify-ps/fortify-ssc-parser-owasp-dependency-check
+* **Automated builds**: https://travis-ci.com/fortify-ps/fortify-ssc-parser-owasp-dependency-check
+* **OWASP Dependency Check website**: https://owasp.org/www-project-dependency-check/
+
+
+## <a name="usage">Usage</a>
+
+The following sections describe how to install and use the plugin. For generic information
+about how to install and use SSC parser plugins, please see the Fortify SSC documentation.
+
+### <a name="plugin-install--upgrade">Plugin Install & Upgrade</a>
+
+* Obtain the plugin binary jar file
+	* Either download from Bintray (see [Related Links](#related-links)) 
+	* Or by building yourself (see [Information for plugin developers](#information-for-plugin-developers))
+* If you already have another version of the plugin installed, first uninstall the plugin by following the steps in [Plugin Uninstall](#plugin-uninstall)
+* In Fortify Software Security Center:
+	* Navigate to Administration->Plugins->Parsers
+	* Click the `NEW` button
+	* Accept the warning
+	* Upload the plugin jar file
+	* Enable the plugin by clicking the `ENABLE` button
+  
+### <a name="plugin-uninstall">Plugin Uninstall</a>
+
+* In Fortify Software Security Center:
+	* Navigate to Administration->Plugins->Parsers
+	* Select the parser plugin that you want to uninstall
+	* Click the `DISABLE` button
+	* Click the `REMOVE` button 
+
+### <a name="obtain-results">Obtain results</a>
+
+Please see the OWASP Dependency Check documentation for details on scanning applications and 
+generating reports. Note that the SSC parser plugin requires the uploaded reports to be in JSON
+format.
+
+### <a name="upload-results">Upload results</a>
+
+SSC web interface (manual upload):
+
+* Navigate to the Artifacts tab of your application version
+* Click the `UPLOAD` button
+* Click the `ADD FILES` button, and select the JSON file to upload
+* Enable the `3rd party results` check box
+* Select the `OWASP_DEPCHECK` type
+  
+SSC clients (FortifyClient, Maven plugin, ...):
+
+* Generate a scan.info file containing a single line as follows:  
+  `engineType=OWASP_DEPCHECK`
+* Generate a zip file containing the following:
+	* The scan.info file generated in the previous step
+	* The JSON file containing scan results
+* Upload the zip file generated in the previous step to SSC
+	* Using any SSC client, for example FortifyClient
+	* Similar to how you would upload an FPR file
+
+
+
+## <a name="information-for-plugin-developers">Information for plugin developers</a>
+
+The following sections provide information that may be useful for developers of this 
+parser plugin.
+
+### <a name="ides">IDE's</a>
+
+This project uses Lombok. In order to have your IDE compile this project without errors, 
+you may need to add Lombok support to your IDE. Please see https://projectlombok.org/setup/overview 
+for more information.
+
+### <a name="gradle">Gradle</a>
+
+It is strongly recommended to build this project using the included Gradle Wrapper
+scripts; using other Gradle versions may result in build errors and other issues.
+
+The Gradle build uses various helper scripts from https://github.com/fortify-ps/gradle-helpers;
+please refer to the documentation and comments in included scripts for more information. 
+
+### <a name="commonly-used-commands">Commonly used commands</a>
+
+All commands listed below use Linux/bash notation; adjust accordingly if you
+are running on a different platform. All commands are to be executed from
+the main project directory.
+
+* `./gradlew tasks --all`: List all available tasks
+* Build: (plugin binary will be stored in `build/libs`)
+	* `./gradlew clean build`: Clean and build the project
+	* `./gradlew build`: Build the project without cleaning
+	* `./gradlew dist`: Build distribution zip
+* Version management:
+	* `./gradlew printProjectVersion`: Print the current version
+	* `./gradlew startSnapshotBranch -PnextVersion=2.0`: Start a new snapshot branch for an upcoming `2.0` version
+	* `./gradlew releaseSnapshot`: Merge the changes from the current branch to the master branch, and create release tag
+* `./fortify-scan.sh`: Run a Fortify scan; requires Fortify SCA to be installed
+
+Note that the version management tasks operate only on the local repository; you will need to manually
+push any changes (including tags and branches) to the remote repository.
+
+### <a name="versioning">Versioning</a>
+
+The various version-related Gradle tasks assume the following versioning methodology:
+
+* The `master` branch is only used for creating tagged release versions
+* A branch named `<version>-SNAPSHOT` contains the current snapshot state for the upcoming release
+* Optionally, other branches can be used to develop individual features, perform bug fixes, ...
+	* However, note that the Gradle build may be unable to identify a correct version number for the project
+	* As such, only builds from tagged versions or from a `<version>-SNAPSHOT` branch should be published to a Maven repository
+
+### <a name="automated-builds--publishing">Automated Builds & publishing</a>
+
+Travis-CI builds are automatically triggered when there is any change in the project repository,
+for example due to pushing changes, or creating tags or branches. If applicable, binaries and related 
+artifacts are automatically published to Bintray using the `bintrayUpload` task:
+
+* Building a tagged version will result in corresponding release version artifacts to be published
+* Building a branch named `<version>-SNAPSHOT` will result in corresponding beta version artifacts to be published
+* No artifacts will be deployed for any other build, for example when Travis-CI builds the `master` branch
+
+See the [Related Links](#related-links) section for the relevant Travis-CI and Bintray links.
+
+
+# <a name="licensing">Licensing</a>
+See [LICENSE.TXT](LICENSE.TXT)
+

LICENSE.TXT

@@ -3,52 +3,75 @@ plugins {
   id "com.jfrog.bintray" version "1.8.4"
   id 'org.ajoberstar.grgit' version "4.0.0"
   id 'com.github.jk1.dependency-license-report' version '1.12'
+  id "org.kordamp.gradle.markdown" version "2.0.0"
 }
 
 group 'com.fortify.ssc.parser.owasp.dependencycheck'
 
 ext {
-	gradleHelpersLocation = "https://raw.githubusercontent.com/fortify-ps/gradle-helpers/master"
+	gradleHelpersLocation = "https://raw.githubusercontent.com/fortify-ps/gradle-helpers/1.0"
 }
 
 apply from: "${gradleHelpersLocation}/repo-helper.gradle"
 apply from: "${gradleHelpersLocation}/junit-helper.gradle"
 apply from: "${gradleHelpersLocation}/version-helper.gradle"
+apply from: "${gradleHelpersLocation}/fortify-helper.gradle"
 
 // Project and plugin version based on SCM information
 version = getProjectVersionAsBetaOrRelease(true)
 ext {
 	sscParserPluginVersion = getProjectVersionAsPlainVersionNumber()
+	betaOrReleaseLabel = getBetaOrReleaseLabel()
+	bintrayPkgName = "${rootProject.name}-${betaOrReleaseLabel}"
 	bintrayDownloadContainerName = getProjectVersionAsBetaOrRelease(false)
 	projectLicense = 'MIT'
 }
 
 apply from: "${gradleHelpersLocation}/ssc-parser-plugin-helper.gradle"
-apply from: "${gradleHelpersLocation}/dependency-sources-licenses-helper.gradle"
+apply from: "${gradleHelpersLocation}/thirdparty-helper.gradle"
 apply from: "${gradleHelpersLocation}/bintray-binaries-helper.gradle"
+apply from: "${gradleHelpersLocation}/readme2html.gradle"
 
 apply plugin: 'java'
 sourceCompatibility = 1.8
 
+sourceSets {
+    test {
+        resources {
+            srcDir "sampleData"
+        }
+    }
+}
+
 configurations.all {
     // Don't cache modules that may change (i.e. snapshots)
 	resolutionStrategy.cacheChangingModulesFor 0, 'seconds'
 }
 
 dependencies {
-    compileExport(group: 'com.fortify.ssc.parser.util', name: 'fortify-ssc-parser-util', version:'1.1.0-SNAPSHOT', changing: true) { transitive = true }
+    compileExport(group: 'com.fortify.ssc.parser.util', name: 'fortify-ssc-parser-util', version:'1.0', changing: false) { transitive = true }
+}
+
+task dist(type: Zip) {
+	dependsOn 'build', 'readme2html'
+	archiveFileName = "${rootProject.name}-${project.version}.zip"
+	destinationDirectory = file("$buildDir/dist")
+	from("${libsDir}") {
+		include "${rootProject.name}-${project.version}.jar"
+	}
+	from "${buildDir}/html"
+	from("${projectDir}") {
+		include "sampleData/**/*"
+		include "LICENSE.TXT"
+	}
 }
 
 bintray {
     filesSpec {
-       from("build/libs") { // Plugin jar
-          include "*.jar"
-       }
-       from("build/dist") { // Dependency sources and licenses
+       from("${buildDir}/dist") {
           include "*.zip"
        }
        into '.'
     }
 }
-_bintrayRecordingCopy.dependsOn 'build', 'packageDependencySourcesAndLicenses'
-
+_bintrayRecordingCopy.dependsOn 'clean', 'dist', 'distThirdParty'