docs: update readme and change-notes. (#202)

soul2zimate · web-flow · commit 0c5abfdbb3ff · 2025-08-30T20:32:57.000+08:00
* docs: update readme and change-notes.

Signed-off-by: Chao Wang &lt;chaowan@redhat.com&gt;

* docs: update.

Signed-off-by: Chao Wang &lt;chaowan@redhat.com&gt;

* docs: static proxy configration clarification

Signed-off-by: Chao Wang &lt;chaowan@redhat.com&gt;

---------

Signed-off-by: Chao Wang &lt;chaowan@redhat.com&gt;
diff --git a/README.md b/README.md
@@ -13,12 +13,16 @@
 Red Hat Dependency Analytics (RHDA) plugin gives you awareness to security concerns within your software supply chain
 while you build your application.
 
-<br >Dependency Analytics only supports the following project ecosystems:
-- Maven
-- Node
-- Golang
-- Python
-- Gradle
+<br>Dependency Analytics supports multiple package managers:
+- Maven (mvn)
+- NPM (npm)
+- PNPM (pnpm)
+- Yarn Berry and Classic (yarn)
+- Gradle Kotlin and Groovy (gradle)
+- Golang (go mod)
+- Python (pip) ecosystems, and base images in Dockerfile.
+
+In future releases, Red Hat plans to support other package managers.
 
 <br >**NOTE:**
 The Red Hat Dependency Analytics plugin is an online service hosted and maintained by Red Hat.
@@ -47,7 +51,7 @@ vulnerability report.
 - For Golang projects, analyzing a `go.mod` file, you must have the `go` binary in your IDE's `PATH` environment. Furthermore, Golang projects can only be analyzed with IntelliJ Ultimate Edition.
 - For Python projects, analyzing a `requirements.txt` file, you must have the `python3` and `pip3` binaries in your
   IDE's `PATH` environment.
-- For Gradle projects, analyzing a `build.gradle` file, you must have the `gradle` binary in your system's `PATH` environment.
+- For Gradle projects, analyzing a `build.gradle` file or `build.gradle.kts` file, you must have the `gradle` binary in your system's `PATH` environment.
 - For base images, analyzing a `Dockerfile`, you must have the [`syft`](https://github.com/anchore/syft?tab=readme-ov-file#installation) and [`skopeo`](https://github.com/containers/skopeo/blob/main/install.md) binaries in your IDE's `PATH` environment.
 
 **Procedure**
@@ -144,7 +148,7 @@ according to your preferences.
   vulnerabilities.
 
 - **Proxy Configuration** :
-  <br >From IntelliJ IDEA Appearance & Behavior > System Settings > HTTP Proxy, you can configure a proxy for all HTTP requests made by the plugin. This is useful when your environment requires going through a proxy to access external services. For example:`http://proxy.example.com:8080`
+  <br >From IntelliJ IDEA Appearance & Behavior > System Settings > HTTP Proxy, you can configure a static proxy for all HTTP requests made by the plugin. This is useful when your environment requires going through a proxy to access external services. For example:`http://proxy.example.com:8080`
 
 ## Features
 
diff --git a/src/main/resources/META-INF/plugin.xml b/src/main/resources/META-INF/plugin.xml
@@ -20,10 +20,15 @@
     displaying the vulnerability report.
 <p>
     <b>IMPORTANT:</b>
-    <br>Currently, Dependency Analytics only supports projects that use Maven (<code>mvn</code>), and Node
-    (<code>npm</code>, <code>pnpm</code> or <code>yarn</code>), Golang (<code>go mod</code>) and Python (<code>pip</code>) ecosystems, and base images in
-    <code>Dockerfile</code>.
-    <br>In future releases, Red Hat plans to support other programming languages.
+    <br>Dependency Analytics supports multiple package managers:
+    <li>Maven (mvn)</li>
+    <li>NPM (npm)</li>
+    <li>PNPM (pnpm)</li>
+    <li>Yarn Berry and Classic (yarn)</li>
+    <li>Gradle Kotlin and Groovy (gradle)</li>
+    <li>Golang (go mod)</li>
+    <li>Python (pip) ecosystems, and base images in Dockerfile.</li>
+    <br>In future releases, Red Hat plans to support other package managers.</br>
 <p>
 
 <h2>Quick Start</h2>
@@ -34,14 +39,17 @@
         IDE's <code>PATH</code> environment.
     </li>
     <li>For Node projects, analyzing a <code>package.json</code> file, you must have one of the corresponding package manager <code>npm</code>, <code>pnpm</code> or <code>yarn</code> and
-        <code>node</code> binaries in your IDE's <code>PATH</code> environment.
+        <code>node</code> binaries in your IDE's <code>PATH</code> environment. It also requires a corresponding lock file to be present in order to analyze package.json files.
     </li>
     <li>For Golang projects, analyzing a <code>go.mod</code> file, you must have the <code>go</code> binary in your
         IDE's <code>PATH</code> environment. Furthermore, Golang projects can only be analyzed with IntelliJ Ultimate Edition.
     </li>
     <li>For Python projects, analyzing a <code>requirements.txt</code> file, you must have the <code>python3</code> and
         <code>pip3</code> binaries in your IDE's <code>PATH</code> environment.
     </li>
+    <li>
+        For Gradle projects, analyzing a <code>build.gradle</code> file or <code>build.gradle.kts</code> file, you must have the <code>gradle</code> binary in your system's <code>PATH</code> environment.
+    </li>
     <li>For base images, analyzing a <code>Dockerfile</code>, you must have the <code><a
             href="https://github.com/anchore/syft?tab=readme-ov-file#installation" rel="noopener noreferrer"
             target="_blank">syft</a></code> and
@@ -114,6 +122,7 @@
         executable.
         <br>If the paths are not provided, your IDE's <code>PATH</code> environment will be used to locate the
         executables.
+        <br>It also requires a corresponding lock file to be present in order to analyze package.json files.
     </li>
     <li>
         <b>Golang</b>:
@@ -142,6 +151,13 @@
         dynamically instead. This feature cannot be enabled when <code>Strictly match package version</code> is
         selected.
     </li>
+    <li>
+        <b>Gradle</b>:
+        <br>Set the full path of the Gradle executable, which allows Exhort to locate and run the <code>gradle</code>
+        command to resolve dependencies for Gradle projects.
+        <br>By not setting a path to the gradle binary, IntelliJ IDEA uses its default path environment to locate
+        the file.
+    </li>
     <li>
         <b>Image</b>:
         <br>Set the full path of the Syft executable, which allows Exhort to locate and execute the <code>syft</code>
@@ -376,6 +392,12 @@
     <change-notes><![CDATA[
   <p><b>1.1.0</b></p>
   <p>Added support for Gradle manifest files.</p>
+  <p>Added support for Yarn.</p>
+  <p>Added support for PNPM.</p>
+  <p>Added support for Proxy setting(Static Proxy Configuration).</p>
+  <p>Enable using the Maven Wrapper.</p>
+  <p>No restart needed after installation.</p>
+  <p>Require a lock file to be present in order to analyze package.json files.</p>
   <p><b>1.0.0</b></p>
   <p>Added support for base image vulnerability scanning in Dockerfiles.</p>
   <p>Bumped Telemetry plugin to 1.1.0.</p>
