Comments (3)
I think I discovered a workaround. FWIW, it looks like Gradle / Android may have introduced more classpath configs in in versions >4 that cause these issues.
If you ignore the problematic configs, you'll get a (seemingly) complete SBOM:
// build.gradle
// Top-level build file where you can add configuration options common to all sub-projects/modules.
plugins {
id 'com.android.application' version '7.1.2' apply false
id 'com.android.library' version '7.1.2' apply false
id 'org.cyclonedx.bom' version '1.5.0'
}
cyclonedxBom {
skipConfigs += [
"debugCompileClasspath",
"debugAndroidTestCompileClasspath",
"debugUnitTestCompileClasspath",
"releaseUnitTestCompileClasspath",
"debugUnitTestRuntimeClasspath",
"releaseUnitTestRuntimeClasspath"
]
}
$ ./gradlew cyclonedxBom
...
BUILD SUCCESSFUL in 774ms
1 actionable task: 1 executed
☝️ This is with the default "Blank Activity" project in Android Studio. The resulting SBOM is here: https://gist.github.com/nscuro/442bd29dbcb4b1b55d55c2d610465533
I don't know enough of Gradle or Android to understand why these classpaths are problematic. But they don't seem necessary for SBOM generation. For the time being, skipping them appears to be an OK-ish workaround.
from cyclonedx-gradle-plugin.
Same for me, it would be nice if we could configure a variant build to run the boming process.
from cyclonedx-gradle-plugin.
Same for me with
Build #AI-211.7628.21.2111.8139111, built on February 1, 2022
Runtime version: 11.0.11+9-b60-7590822 amd64
VM: OpenJDK 64-Bit Server VM by Oracle Corporation
Windows 10 10.0
GC: G1 Young Generation, G1 Old Generation
Memory: 1280M
Cores: 8
Registry: external.system.auto.import.disabled=true
Non-Bundled Plugins: com.thoughtworks.gauge (211.6693.111), org.jetbrains.kotlin (211-1.6.10-release-923-AS7442.40), org.intellij.plugins.markdown (211.7142.37)
and
// Top-level build file where you can add configuration options common to all sub-projects/modules.
plugins {
id 'com.android.application' version '7.1.1' apply false
id 'com.android.library' version '7.1.1' apply false
id 'org.cyclonedx.bom' version "1.4.1"
}
task clean(type: Delete) {
delete rootProject.buildDir
}
I get this as a result:
gradlew cyclonedxBom
Welcome to Gradle 7.2!
Here are the highlights of this release:
- Toolchain support for Scala
- More cache hits when Java source files have platform-specific line endings
- More resilient remote HTTP build cache behavior
For more details see https://docs.gradle.org/7.2/release-notes.html
Starting a Gradle Daemon, 1 incompatible Daemon could not be reused, use --status for details
> Task :cyclonedxBom FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':cyclonedxBom'.
> Could not resolve all dependencies for configuration ':app:debugAndroidTestCompileClasspath'.
> The consumer was configured to find an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'com.android.build.api.attributes.
AgpVersionAttr' with value '7.1.1'. However we cannot choose between the following variants of project :app:
- Configuration ':app:debugApiElements' variant android-base-module-metadata declares an API of a component, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.1.1', attribute 'com.android.bu
ild.api.attributes.BuildTypeAttr' with value 'debug':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-base-module-metadata' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Doesn't say anything about its target Java environment (preferred optimized for Android)
- Configuration ':app:debugApiElements' variant android-feature-all-metadata declares an API of a component, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.1.1', attribute 'com.android.bu
ild.api.attributes.BuildTypeAttr' with value 'debug':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-feature-all-metadata' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Doesn't say anything about its target Java environment (preferred optimized for Android)
- Configuration ':app:debugApiElements' variant android-feature-res-ap_ declares an API of a component, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.1.1', attribute 'com.android.build.a
pi.attributes.BuildTypeAttr' with value 'debug':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-feature-res-ap_' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Doesn't say anything about its target Java environment (preferred optimized for Android)
- Configuration ':app:debugApiElements' variant android-feature-signing-config-data declares an API of a component, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.1.1', attribute 'com.and
roid.build.api.attributes.BuildTypeAttr' with value 'debug':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-feature-signing-config-data' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Doesn't say anything about its target Java environment (preferred optimized for Android)
- Configuration ':app:debugApiElements' variant android-feature-signing-config-versions declares an API of a component, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.1.1', attribute 'com
.android.build.api.attributes.BuildTypeAttr' with value 'debug':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-feature-signing-config-versions' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Doesn't say anything about its target Java environment (preferred optimized for Android)
- Configuration ':app:debugApiElements' variant android-java-res declares an API of a component, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.1.1', attribute 'com.android.build.api.attr
ibutes.BuildTypeAttr' with value 'debug':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-java-res' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Doesn't say anything about its target Java environment (preferred optimized for Android)
- Configuration ':app:debugApiElements' variant android-manifest-metadata declares an API of a component, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.1.1', attribute 'com.android.build
.api.attributes.BuildTypeAttr' with value 'debug':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-manifest-metadata' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Doesn't say anything about its target Java environment (preferred optimized for Android)
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
See https://docs.gradle.org/7.2/userguide/command_line_interface.html#sec:command_line_warnings
BUILD FAILED in 26s
1 actionable task: 1 executed
Here is the debug log.
from cyclonedx-gradle-plugin.
Related Issues (20)
- Gradle 8.4: org.xml.sax.SAXNotRecognizedException: Property 'http://javax.xml.XMLConstants/property/accessExternalSchema' is not recognized. HOT 5
- Version 1.8.0 and compatibility with java8 HOT 1
- Hello, I have encountered such an error, I do not know how to solve it HOT 3
- Plugin version 1.8.0 referencing version 1.7.4 in output HOT 1
- Version 1.8.0 doesn't actually produce SBOMs with 1.5 schema version HOT 1
- I made an error building the BOM table for multiple projects by using the --init-script option. I don't know what happened HOT 3
- Gradle configurations not being merged, resulting bom is made by a single random configuration
- I generated the SBOM error through init.gradle. Do you need to make any configuration changes? The error and configuration are as follows.
- Latest version 1.8.1 is not compatible with gradle 7.5.1. HOT 1
- Regex support for skipped and included configurations
- Capture Input Task Names and Extra Build Arguments in BOM
- Publish BOM files to Artifact repository with JAR file, like Maven plugin HOT 2
- Dependencies list is empty for :app module in Android project. HOT 1
- Android project: The BOM does not conform to the CycloneDX BOM standard HOT 4
- Cyclonedx version 1.7.3 causes "No signature of method: org.apache.maven.model.profile.activation.FileProfileActivator.setPathTranslator() is applicable for argument types: (org.apache.maven.model.path.DefaultPathTranslator) "
- Should default config include test scope? HOT 1
- buildEnvironment missing?
- ProjectDependency are missing from the components section of the BOM
- Make this plugin work in another project
- XmlPullParserException when using with io.gatling.gradle:3.11.2 plugin HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cyclonedx-gradle-plugin.