Comments (2)
Hi,
Would I be right in thinking this plugin makes use of MVN repo's API to search for dependency information? Comparing the API's JSON response for a dependency that the CycloneDX Gradle plugin can get license information for and one that it can't, I can see that license info isn't returned all the time, i.e.:
- org.skyscreamer:jsonassert:1.5.0 https://search.maven.org/artifact/org.skyscreamer/jsonassert/1.5.0/jar - this has license information in its JSON return and the CycloneDX plugin populates the license information in the SBOM
- com.google.guava:guava:28.2-jre https://search.maven.org/artifact/com.google.guava/guava/28.2-jre/bundle - this doesn't have license information in its JSON return and the CycloneDX plugin doesn't populate the license information in the SBOM
from cyclonedx-gradle-plugin.
The plugin uses the Maven API; it does not use the Maven Central REST API. Therefore it only looks at pom.xml and walks up to parent poms is resolved. This is similar to how the Maven plugin operates.
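The lookup described in the reply above (read the component's pom.xml, then follow `<parent>` references) can be sketched as follows. This is an added example, not the plugin's own code: the POM documents and `com.example` coordinates are constructed, and `resolve_licenses` and `POMS` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
HDR = '<project xmlns="http://maven.apache.org/POM/4.0.0">'

# Constructed sample POMs keyed by (groupId, artifactId, version).
POMS = {
    # Declares no license itself; points at a parent POM.
    ("com.example", "lib", "1.0"): HDR + """
      <parent><groupId>com.example</groupId>
        <artifactId>lib-parent</artifactId><version>1.0</version></parent>
      <artifactId>lib</artifactId></project>""",
    # The parent POM carries the <licenses> block.
    ("com.example", "lib-parent", "1.0"): HDR + """
      <groupId>com.example</groupId><artifactId>lib-parent</artifactId>
      <version>1.0</version>
      <licenses><license><name>Apache-2.0</name></license></licenses></project>""",
    # No license and no parent: the SBOM license field stays empty.
    ("com.example", "orphan", "2.0"): HDR + """
      <groupId>com.example</groupId><artifactId>orphan</artifactId>
      <version>2.0</version></project>""",
    # Malformed POM whose parent is itself: must not loop forever.
    ("com.example", "loop", "1.0"): HDR + """
      <parent><groupId>com.example</groupId>
        <artifactId>loop</artifactId><version>1.0</version></parent>
      <artifactId>loop</artifactId></project>""",
}

def resolve_licenses(coords, fetch_pom=POMS.get, max_depth=10):
    """Return (license names, coordinates of the POM that declared them)."""
    seen = set()
    while coords not in seen and len(seen) < max_depth:
        seen.add(coords)
        text = fetch_pom(coords)
        if text is None:          # POM not available: nothing to resolve
            break
        root = ET.fromstring(text)
        names = [n.text.strip()
                 for n in root.findall("m:licenses/m:license/m:name", NS)
                 if n.text]
        if names:                 # first POM in the chain that declares one
            return names, coords
        parent = root.find("m:parent", NS)
        if parent is None:        # top of the chain, still no license
            break
        coords = tuple(
            parent.findtext(f"m:{k}", default="", namespaces=NS).strip()
            for k in ("groupId", "artifactId", "version"))
    return [], None
```

Returning the declaring POM's coordinates alongside the names makes it possible to record in an SBOM review whether a license came from the component itself or was inherited.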