dependency-check · boolivar · Nov 30, 2025 · Dec 2, 2025
diff --git a/src/main/groovy/org/owasp/dependencycheck/gradle/extension/AnalyzerExtension.groovy b/src/main/groovy/org/owasp/dependencycheck/gradle/extension/AnalyzerExtension.groovy
@@ -37,9 +37,6 @@ class AnalyzerExtension {
     private final Property<String> zipExtensions
     private final Property<Boolean> jarEnabled
     private final Property<Boolean> centralEnabled
-    private final Property<Boolean> nexusEnabled
-    private final Property<String> nexusUrl
-    private final Property<Boolean> nexusUsesProxy
     private final Property<Boolean> nuspecEnabled
     private final Property<Boolean> assemblyEnabled
     private final Property<Boolean> msbuildEnabled
@@ -77,9 +74,6 @@ class AnalyzerExtension {
         this.zipExtensions = objects.property(String)
         this.jarEnabled = objects.property(Boolean)
         this.centralEnabled = objects.property(Boolean)
-        this.nexusEnabled = objects.property(Boolean)
-        this.nexusUrl = objects.property(String)
-        this.nexusUsesProxy = objects.property(Boolean)
         this.nuspecEnabled = objects.property(Boolean)
         this.assemblyEnabled = objects.property(Boolean)
         this.msbuildEnabled = objects.property(Boolean)
@@ -112,6 +106,7 @@ class AnalyzerExtension {
         nodePackage = objects.newInstance(NodePackageExtension, objects)
         artifactory = objects.newInstance(ArtifactoryExtension, objects)
         ossIndex = objects.newInstance(OssIndexExtension, objects)
+        nexus = objects.newInstance(NexusExtension)
     }
 
     /**
@@ -181,41 +176,53 @@ class AnalyzerExtension {
 
     /**
      * Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation.
+     * @deprecated use nexus { enabled = true }
      */
     @Input
     @Optional
+    @Deprecated
     Property<Boolean> getNexusEnabled() {
-        return nexusEnabled
+        return nexus.enabled
     }
 
+    /* @deprecated use nexus { enabled = true } */
+    @Deprecated
     void setNexusEnabled(Boolean value) {
-        nexusEnabled.set(value)
+        nexus.enabled.set(value)
     }
 
     /**
      * Defines the Nexus Server's web service end point (example http://domain.enterprise/service/local/). If not set the Nexus Analyzer will be disabled.
+     * @deprecated use nexus { url = "nexus url" }
      */
     @Input
     @Optional
+    @Deprecated
     Property<String> getNexusUrl() {
-        return nexusUrl
+        return nexus.url
     }
 
+    /* @deprecated use nexus { url = "nexus url" } */
+    @Deprecated
     void setNexusUrl(String value) {
-        nexusUrl.set(value)
+        nexus.url.set(value)
     }
 
     /**
      * whether the defined proxy should be used when connecting to Nexus.
+     * @deprecated use nexus { usesProxy = true }
      */
     @Input
     @Optional
+    @Deprecated
     Property<Boolean> getNexusUsesProxy() {
-        return nexusUsesProxy
+        return nexus.usesProxy
     }
 
+    /* @deprecated use nexus { usesProxy = true } */
+    @Deprecated
     void setNexusUsesProxy(Boolean value) {
-        nexusUsesProxy.set(value)
+        nexus.usesProxy.set(value)
     }
 
     /**
@@ -593,6 +600,11 @@ class AnalyzerExtension {
      */
     OssIndexExtension ossIndex
 
+    /**
+     * Nexus configuration extension.
+     */
+    NexusExtension nexus
+
     /**
      * Allows programmatic configuration of the KEV extension
      * @param configClosure the closure to configure the KEV extension
@@ -718,4 +730,14 @@ class AnalyzerExtension {
         config.execute(nodePackage)
         return nodePackage
     }
+
+    /**
+     * Allows programmatic configuration of the nexus extension
+     * @param config the action to configure nexus extension
+     * @return nexus extension
+     */
+    def nexus(Action<NexusExtension> config) {
+        config.execute(nexus)
+        return nexus
+    }
 }
diff --git a/src/main/groovy/org/owasp/dependencycheck/gradle/extension/DependencyCheckExtension.groovy b/src/main/groovy/org/owasp/dependencycheck/gradle/extension/DependencyCheckExtension.groovy
@@ -155,7 +155,7 @@ class DependencyCheckExtension {
         nvd = objects.newInstance(NvdExtension, objects)
         hostedSuppressions = objects.newInstance(HostedSuppressionsExtension, objects)
         data = objects.newInstance(DataExtension, objects, project)
-        analyzers = new AnalyzerExtension(project, objects)
+        analyzers = objects.newInstance(AnalyzerExtension, project, objects)
         additionalCpes = project.objects.domainObjectContainer(AdditionalCpe.class)
     }
 

diff --git a/src/main/groovy/org/owasp/dependencycheck/gradle/extension/NexusExtension.groovy b/src/main/groovy/org/owasp/dependencycheck/gradle/extension/NexusExtension.groovy
@@ -0,0 +1,47 @@
+package org.owasp.dependencycheck.gradle.extension
+
+import org.gradle.api.provider.Property
+import org.gradle.api.tasks.Input
+import org.gradle.api.tasks.Optional
+
+/**
+ * Nexus analyzer configuration.
+ */
+interface NexusExtension {
+
+    /**
+     * Sets whether the Nexus Analyzer should be used.
+     */
+    @Input
+    @Optional
+    Property<Boolean> getEnabled()
+
+    /**
+     * Nexus server URL.
+     */
+    @Input
+    @Optional
+    Property<String> getUrl()
+
+    /**
+     * Whether Nexus should be accessed through a proxy.
+     */
+    @Input
+    @Optional
+    Property<Boolean> getUsesProxy()
+
+    /**
+     * Nexus basic auth username.
+     */
+    @Input
+    @Optional
+    Property<String> getUsername()
+
+    /**
+     * Nexus basic auth password.
+     */
+    @Input
+    @Optional
+    Property<String> getPassword()
+
+}
diff --git a/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/ConfiguredTask.groovy b/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/ConfiguredTask.groovy
@@ -132,9 +132,11 @@ abstract class ConfiguredTask extends DefaultTask {
 
         settings.setBooleanIfNotNull(ANALYZER_CENTRAL_ENABLED, config.analyzers.centralEnabled.getOrNull())
 
-        settings.setBooleanIfNotNull(ANALYZER_NEXUS_ENABLED, config.analyzers.nexusEnabled.getOrNull())
-        settings.setStringIfNotEmpty(ANALYZER_NEXUS_URL, config.analyzers.nexusUrl.getOrNull())
-        settings.setBooleanIfNotNull(ANALYZER_NEXUS_USES_PROXY, config.analyzers.nexusUsesProxy.getOrNull())
+        settings.setBooleanIfNotNull(ANALYZER_NEXUS_ENABLED, config.analyzers.nexus.enabled.getOrNull())
+        settings.setStringIfNotEmpty(ANALYZER_NEXUS_URL, config.analyzers.nexus.url.getOrNull())
+        settings.setBooleanIfNotNull(ANALYZER_NEXUS_USES_PROXY, config.analyzers.nexus.usesProxy.getOrNull())
+        settings.setStringIfNotNull(ANALYZER_NEXUS_USER, config.analyzers.nexus.username.getOrNull())
+        settings.setStringIfNotNull(ANALYZER_NEXUS_PASSWORD, config.analyzers.nexus.password.getOrNull())
 
         settings.setBooleanIfNotNull(ANALYZER_EXPERIMENTAL_ENABLED, config.analyzers.experimentalEnabled.getOrNull())
         settings.setBooleanIfNotNull(ANALYZER_ARCHIVE_ENABLED, config.analyzers.archiveEnabled.getOrNull())

diff --git a/src/test/groovy/org/owasp/dependencycheck/gradle/DependencyCheckGradlePluginSpec.groovy b/src/test/groovy/org/owasp/dependencycheck/gradle/DependencyCheckGradlePluginSpec.groovy
@@ -24,6 +24,8 @@ import org.gradle.testfixtures.ProjectBuilder
 import org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension
 import spock.lang.Specification
 
+import static org.owasp.dependencycheck.utils.Settings.KEYS.*
+
 class DependencyCheckGradlePluginSpec extends Specification {
     static final String PLUGIN_ID = 'org.owasp.dependencycheck'
     Project project
@@ -198,6 +200,56 @@ class DependencyCheckGradlePluginSpec extends Specification {
 
     }
 
+    def 'legacy nexus properties mapped to NexusExtension'() {
+        given:
+        project.dependencyCheck {
+            analyzers.nexusEnabled = enabled
+            analyzers.nexusUrl = url
+            analyzers.nexusUsesProxy = proxy
+        }
+
+        expect:
+        project.dependencyCheck {
+            assert analyzers.nexus.enabled.get() == enabled
+            assert analyzers.nexus.url.get() == url
+            assert analyzers.nexus.usesProxy.get() == proxy
+        }
+
+        where:
+        enabled | url | proxy
+        true | 'http://someurl' | true
+        false | 'https://testurl' | false
+    }
+
+    def 'NexusExtension properties configure task settings'() {
+        given:
+        def task = project.tasks.findByName(taskName)
+        with(project.dependencyCheck.analyzers.nexus) {
+            enabled.set(true)
+            usesProxy.set(true)
+            url.set('http://nexus')
+            username.set('user')
+            password.set('pass')
+        }
+
+        when:
+        task.initializeSettings()
+
+        then:
+        with(task.settings) {
+            getBoolean(ANALYZER_NEXUS_ENABLED) == true
+            getBoolean(ANALYZER_NEXUS_USES_PROXY) == true
+            getString(ANALYZER_NEXUS_URL) == 'http://nexus'
+            getString(ANALYZER_NEXUS_USER) == 'user'
+            getString(ANALYZER_NEXUS_PASSWORD) == 'pass'
+        }
+
+        where:
+        taskName | _
+        DependencyCheckPlugin.ANALYZE_TASK | _
+        DependencyCheckPlugin.AGGREGATE_TASK | _
+    }
+
     def 'scanConfigurations and skipConfigurations are mutually exclusive'() {
         when:
         project.dependencyCheck {