From mobile apps to microservices, from small startups to big enterprises, Gradle helps teams build, automate and deliver better software, faster.

Gradle Community

Do you want to do that "ad-hoc", or in a dedicated task?

If you want to check "ad-hoc" what is declare in the build files, you can use the `withDependencies`  hook.

As usual, I have an example :wink: This checks that there are no versions defined directly on dependencies:
<https://github.com/jjohannes/gradle-project-setup-howto/blob/main/gradle/plugins/dependency-analysis-plugins/src/main/kotlin/org.example.dependency-analysis-project.gradle.kts#L13-L37|https://github.com/jjohannes/gradle-project-setup-howto/blob/main/gradle/plugins/d[…]/main/kotlin/org.example.dependency-analysis-project.gradle.kts>

<@U023HSZL88M> Thanks! Do the `withDependencies` hook and the `resolutionStrategy` hook run in a defined order? (edit: does it even matter?)

Because as separate task should also not be a problem.
You would probably create a detached configuration, extend it from all other configurations, set it to non-transitive and have the result to validate.
Well, it will be conflict resolved that way, so maybe better one detached configuration per configuration to validate.

I think in this case the ad hoc solution is preferable, due to lower complexity; I'm not aware of any reason why I would want to defer any of this work to the execution phase or model it as a task.

My read of the documentation is that `withDependencies` runs before the configuration participates in dependency resolution, and therefore it runs before any `resolutionStrategy`.

To not spend the time on every build and be able to dedicatedly check it. :slightly_smiling_face:

&gt; `withDependencies` runs before the configuration participates in dependency resolution, and therefore it runs before any `resolutionStrategy`.
Yes that's correct. `withDependencies` directly checks what is declared and also allows you to add additional dependencies "lat minute" (i.e. right before the dependency resolution starts). This is what it was mainly introduced for.

The `resolutionStrategy` things work on the "resolution result" and are usually for modifying that result "last minute" (i.e. after all resolution was done, but right before it is passed to a task etc.)

For doing analysis on the "resolution result", I would usually do that in a task (or in an additional doFirst() of an existing task). For this I would look at the result in `Configuration.incoming.resolutionResult` . But I think that's not what you need/want in this case.

I also think just looking at the declared dependencies in  `withDependencies` is cheap enough to always do it. As there is no dependency resolution or anything going on. You just look at the "plain data" put into the build scripts. But maybe there is a measurable impact in very large builds that can be an issue. I would just give it a try.

I also _think_ this might be cached if you use the configuration cache