Swift Application Analysis

NEW IN RELEASE 118

The Swift coordinate-based matching feature scans and evaluates the Swift dependencies listed in the Package.resolved file.

What is supported

Files named Package.resolved (generated by Swift Package Manager) will be analyzed.

What do we parse from the file?

The dependencies under the "pins" section are evaluated. For example:

"pins": [
  {
    "package": "RxSwift",
    "repositoryURL": "https://github.com/ReactiveX/RxSwift.git",
    "state": {
      "branch": null,
      "revision": "980d2afceb985a5598d7bc6116557b75469857f2",
      "version": "5.1.0"
    }
  }
]

Integrations with Swift scanning support

  • CLI from version 118
  • Jenkins from version TBA
  • Bamboo from version TBA

Steps to analyze using the CLI

Invoke a CLI scan of a directory or subdirectories containing a Package.resolved file. For instructions, see Nexus IQ CLI.

Example Package.resolved file

{
  "object": {
    "pins": [
      {
        "package": "RxSwift",
        "repositoryURL": "https://github.com/ReactiveX/RxSwift.git",
        "state": {
          "branch": null,
          "revision": "980d2afceb985a5598d7bc6116557b75469857f2",
          "version": "5.1.0"
        }
      }
    ]
  },
  "version": 1
}
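
To preview which entries a scan of this file would have to work with, the added example below (not part of Nexus IQ or of the original page) reads the version 1 layout shown above and lists each pin's package, version and revision. The second pin (ExampleKit at example.com) is constructed, and the rule that a coordinate is package name plus version is an assumption; pins without a version are returned separately for review.

```python
import json

# Constructed sample in the version 1 layout shown on this page; the second
# pin (ExampleKit, example.com) is made up to show a branch-pinned entry.
SAMPLE = """
{"object": {"pins": [
  {"package": "RxSwift",
   "repositoryURL": "https://github.com/ReactiveX/RxSwift.git",
   "state": {"branch": null, "version": "5.1.0",
             "revision": "980d2afceb985a5598d7bc6116557b75469857f2"}},
  {"package": "ExampleKit",
   "repositoryURL": "https://example.com/ExampleKit.git",
   "state": {"branch": "main", "version": null,
             "revision": "0000000000000000000000000000000000000000"}}
 ]},
 "version": 1}
"""

def read_pins(text):
    """Return (pinned, unversioned) lists from a version 1 Package.resolved."""
    doc = json.loads(text)
    if doc.get("version") != 1:
        raise ValueError("only the version 1 layout shown on this page is handled")
    pinned, unversioned = [], []
    for pin in doc.get("object", {}).get("pins", []):
        state = pin.get("state") or {}
        entry = {
            "package": pin.get("package"),
            "repositoryURL": pin.get("repositoryURL"),
            **{key: state.get(key) for key in ("version", "revision", "branch")},
        }
        # Assumption: a coordinate is package name + version, so a pin with
        # no version (branch or bare revision) is listed separately for review.
        (pinned if entry["version"] else unversioned).append(entry)
    return pinned, unversioned

if __name__ == "__main__":
    pinned, unversioned = read_pins(SAMPLE)
    for e in pinned:
        print(f'{e["package"]} {e["version"]} ({e["revision"][:12]})')
    for e in unversioned:
        print(f'{e["package"]} has no version; branch={e["branch"]}')
```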


Output from CLI

Dashboard results

Report results