# community-support
s
This message was deleted.
s
Maybe you could leverage https://github.com/uklance/gradle-dependency-export/ to get the job done?
r
This seems a good starting point, thanks!
s
Other than that, you could also give https://github.com/oss-review-toolkit/ort (which I'm working on) a try. It's meant to create SBOMs, but in fact what you want is something like an SOMB (that also contains the URLs to the dependencies and not just their coordinates).
I'm working on revamping the Gradle analysis in ORT as we speak.
r
hey cool project! But ORT seems to be very powerful but also very complex: I was hoping for a lightweight Gradle plugin that I can easily run like any Gradle task. Dependencies on Docker are a little out of scope for now...
s
ORT does not require Docker for Gradle project analysis. That's only required for other package managers / when doing more than just analysis.
r
I see, so I could just use the Gradle analysis to generate the BOM? Do you have an example of what the BOM looks like?
s
Here's an example, with the line highlighted you're probably interested in: https://github.com/oss-review-toolkit/ort/blob/68f4fa173a17666bb71dbc8dcbc320252e2[…]ssets/projects/synthetic/gradle-library-expected-output-app.yml. Note that this is ORT's internal "SBOM" format. If you want something common like SPDX or CycloneDX, you'd have to also use the reporter tool.
r
Yep, this output seems to contain the URLs I'm looking for. Does it have also the plugins from `gradlePluginPortal()` needed during the build, but not included in the artifacts?
s
No. That's indeed a problem regarding your use-case. We focus on runtime dependencies (sort of); Gradle plugins required during the build are out of scope for us.
r
mmm yeah, then I have to keep searching 😞 what about `gradle-dependency-export`? does that take into account also the Gradle plugins?
s
I don't know. I've never used it myself, only looked at its source code partly.
r
I'll try it out, thanks!
@Sebastian Schuberth I'm trying to run the plugin but it complains about some Javadoc stuff, even if I set it to not export it, so I decided to get the code and try to see if I can get these dependencies but I'm stuck here:
```kotlin
val componentIds = config.incoming.resolutionResult.allDependencies.map { it.selected.id }
```
https://github.com/uklance/gradle-dependency-export/blob/master/src/main/groovy/com/lazan/dependency/export/MavenDependencyExport.groovy#L110
`selected` doesn't seem to be there anymore and I have no clue where to find it, the code is 4 years old so maybe this was moved in recent versions of Gradle. Do you know perhaps where I can find this `selected`?
s
You probably need to cast `it` to `ResolvedDependencyResult` beforehand. `selected` is still there then.
r
oh you are right! thanks a lot!
hey sorry to bother again but I'm not really familiar with Gradle plugins and, since you are and already looked at this code... Would you say that these 4 fields are all `@Input` or are they something else? https://github.com/uklance/gradle-dependency-export/blob/master/src/main/groovy/com/lazan/dependency/export/MavenDependencyExport.groovy#L24
```groovy
class MavenDependencyExport extends DefaultTask {
	public Collection<Configuration> configurations = new LinkedHashSet<>()
	public Map<String, Object> systemProperties = System.getProperties()
	boolean exportSources
	boolean exportJavadoc
```
s
Sorry, I'm not very familiar with Gradle plugin development per se.
r
no worries, thanks anyway 🙂