
Feature Request: Fail build on Dependency-Track policy violations #18

@janitza-jafi

Description


What’s missing?
Add a new Gradle task, policyCheck, that uploads the SBOM (or waits for an existing upload), polls the Dependency-Track API for policy results, and fails the build when violations matching a user-defined status list are found.

Desired behaviour

```kotlin
dependencyTrackCompanion {
    policyCheck {
        timeout.set(60.seconds)          // wait for DT to finish evaluation
        failOn.set(listOf(FAIL, WARN))   // default = [FAIL]
    }
}
```

  • timeout – max wait for policy evaluation (default 0 s).
  • failOn – list of violation states that should break the build (INFO, WARN, FAIL; default FAIL).

Acceptance criteria

  1. Task succeeds when no matching violations exist.
  2. Task fails (exit 1) if at least one matching violation is present.
  3. Console shows a short summary: counts per status plus links to the project.

Happy to contribute a PR if this fits the roadmap!
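The gate described above, written out as a standalone script rather than a Gradle task (an added example, not code from this issue or from the plugin). It assumes the shape of the Dependency-Track `GET /api/v1/violation/project/{uuid}` response (each violation carries `policyCondition.policy.violationState` of INFO, WARN or FAIL) and of `GET /api/v1/bom/token/{token}` (`{"processing": bool}`); the HTTP calls themselves are replaced by a constructed sample and an injectable `is_processing` callback so it runs offline.

```python
import sys
import time
from collections import Counter

STATES = ("INFO", "WARN", "FAIL")

# Constructed sample in the shape of GET /api/v1/violation/project/{uuid};
# only the fields this check reads are included (names are made up).
SAMPLE_VIOLATIONS = [
    {"type": "SECURITY", "component": {"name": "lib-a"},
     "policyCondition": {"policy": {"name": "No critical CVEs", "violationState": "FAIL"}}},
    {"type": "LICENSE", "component": {"name": "lib-b"},
     "policyCondition": {"policy": {"name": "Copyleft licences", "violationState": "WARN"}}},
    {"type": "OPERATIONAL", "component": {"name": "lib-c"},
     "policyCondition": {"policy": {"name": "Outdated components", "violationState": "INFO"}}},
]

def summarize(violations):
    """Count violations per violation state, always reporting all three states."""
    counts = Counter({s: 0 for s in STATES})
    for v in violations:
        counts[v["policyCondition"]["policy"]["violationState"]] += 1
    return dict(counts)

def evaluate(violations, fail_on=("FAIL",)):
    """Return (passed, counts); passed is False if any state in fail_on has violations."""
    counts = summarize(violations)
    return all(counts[s] == 0 for s in fail_on), counts

def wait_for_processing(is_processing, timeout_s, poll_s=1.0,
                        clock=time.monotonic, sleep=time.sleep):
    """Poll until the upload token reports processing=false, or give up after timeout_s.
    is_processing() models GET /api/v1/bom/token/{token} -> {"processing": bool};
    clock/sleep are injectable so the wait can be simulated without real delays."""
    deadline = clock() + timeout_s
    while is_processing():
        if clock() >= deadline:
            return False          # timeout: caller should fail the build, not skip the check
        sleep(poll_s)
    return True

def run_policy_check(violations, fail_on, project_url):
    """Print the short summary the task would show and return the process exit code."""
    passed, counts = evaluate(violations, fail_on)
    print("Policy violations: " + ", ".join(f"{s}={counts[s]}" for s in STATES))
    print(f"Project: {project_url}")
    return 0 if passed else 1

if __name__ == "__main__":
    sys.exit(run_policy_check(SAMPLE_VIOLATIONS, ("FAIL", "WARN"),
                              "https://dtrack.example/projects/<project-uuid>"))
```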
