Kotlin (Beta)

This article shows you how to analyze your applications written in Kotlin using preZero. It assumes that you have already set up and authenticated with Qwiet.

Requirements

See Prerequisites for more information.

In addition to the prerequisites, the Kotlin analyzer requires that the dependencies of the project to be scanned are available in a folder. For the task of gathering these dependencies, we provide a Gradle plugin.

Using the Gradle plugin consists of two steps:

  1. Setup of the plugin

  2. Execution of the Gradle task defined by the plugin

The setup of the plugin is the same as it is for any other Gradle plugin. Gradle's official documentation provides more information. Moreover, example code can be found on the plugin's GitHub page.

The execution of the Gradle task defined by the plugin (gatherDependencies) is also standard. Run ./gradlew gatherDependencies and dependencies will be placed into a folder like $PROJECT_ROOT/build/gatheredDependencies.

Analyzing your Kotlin application

To analyze your Kotlin application, run:

sl analyze --app <name> --kotlin <path> -- --classpath 'build/gatheredDependencies'

| Parameter | Description |
| --- | --- |
| --app <name> | The name of the application to be analyzed (maximum length: 100 characters) |
| --kotlin | The flag identifying the application's language |
| <path> | The location of the application's parent source directory |

See the CLI reference for additional sl analyze options.

Additional parameters

The analysis accepts additional parameters after a double hyphen --.

sl analyze --app <name> --kotlin [<path>] -- --download-dependencies --ignore-path <path>

| Parameter | Description |
| --- | --- |
| --classpath <path> | The flag that adds a path to the folder where your dependency jars are (e.g., if your dependency jars are in /tmp/jars, you could provide this to sl analyze using --classpath /tmp/jars). Can be used more than once. |
| --download-dependencies | The flag that triggers a download of the project's dependencies using Gradle or Maven |
| --gradle-configuration-name <name> | The Gradle configuration name to be used when downloading dependencies (defaults to releaseCompileClasspath if none provided) |
| --gradle-project-name <name> | The Gradle project name to be used when downloading dependencies (defaults to app if none provided) |
| --ignore-path <path> | The flag that adds a path to the list of directories which will be ignored during analyses. Can be used more than once. |

If you would like to use preZero to scan non-Android applications written in Kotlin (i.e., backend services) or applications written in both Java and Kotlin, please contact Qwiet's customer support team for further assistance.

Tagging results with your branch name

To include the branch name in your preZero results, allowing you to distinguish one set of results from another, add the following to your invocation of Qwiet:

sl analyze --tag branch=`git symbolic-ref --short HEAD`

If you're working in a GitHub environment (e.g., GitHub Actions), you can also use --tag branch=${{ github.head_ref }} to populate your branch name.

If you don't provide a branch name, but Qwiet detects one available in your environment, it will use that name.
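
The following CI wrapper is an added example, not Qwiet's code. It checks that the gathered-dependencies folder actually contains jars before scanning, and it takes the branch name from the environment: an inline ${{ github.head_ref }} is expanded by GitHub Actions before the shell runs, so a pull-request branch name becomes part of the script text, whereas GITHUB_HEAD_REF read as a variable stays data. The function names and the character allow-list are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Qwiet's code. Assumes sl is installed and authenticated.

# Take the branch from an environment variable, never from text templated
# into the script. GitHub Actions sets GITHUB_HEAD_REF on pull_request events.
resolve_branch() {
    if [ -n "${GITHUB_HEAD_REF:-}" ]; then
        printf '%s\n' "$GITHUB_HEAD_REF"
    else
        git symbolic-ref --short HEAD 2>/dev/null
    fi
}

# Allow-list of characters for the tag value (an assumption of this example).
valid_branch() {
    case "$1" in
        ''|*[!A-Za-z0-9._/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# True only if the gathered-dependencies folder holds at least one jar.
has_jars() {
    [ -d "$1" ] && [ -n "$(find "$1" -type f -name '*.jar' | head -n 1)" ]
}

# run_scan <app name> <source dir> [dependency dir]
run_scan() {
    app=$1; src=$2; deps=${3:-build/gatheredDependencies}
    if ! has_jars "$deps"; then
        echo "no jars in $deps; run ./gradlew gatherDependencies first" >&2
        return 2
    fi
    branch=$(resolve_branch) || branch=
    if valid_branch "$branch"; then
        sl analyze --app "$app" --kotlin "$src" --tag "branch=$branch" \
            -- --classpath "$deps"
    else
        # No usable name: omit --tag and let Qwiet detect the branch itself.
        sl analyze --app "$app" --kotlin "$src" -- --classpath "$deps"
    fi
}

if [ "$#" -ge 2 ]; then run_scan "$@"; fi
```

Saved under a name of your choosing, the script takes the application name and the source directory as its two arguments and is run after ./gradlew gatherDependencies.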