sub-projects use rootProject project metadata making them indistinguishable
I have a main project with 2 sub projects. All three of these BOMs have the same group, name, and version, and consequently the same purl: pkg:maven/my-group/[email protected] These should use their subProject settings.
my-root-project\
|- build\
|  |- reports\
|     |- bom.json
|- project1
|  |- build\
|     |- reports\
|        |- bom.json
|- project2
|  |- build\
|     |- reports\
|        |- bom.json
Expected purls:
- pkg:maven/my-group/[email protected]
- pkg:maven/my-group/[email protected]
- pkg:maven/my-group/[email protected]
I can't see a reason for this code below only using getProject().getRootProject() but if there's some legit reason for this, it should at least be configurable.
https://github.com/CycloneDX/cyclonedx-gradle-plugin/blob/7d7bead5711601b5792b723eff4f71f6df07295f/src/main/java/org/cyclonedx/gradle/CycloneDxTask.java#L250-L264
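A check that would catch the collision described above in CI, as an added example (not code from the plugin or from this thread): it walks a multi-project build tree with the layout shown, reads `metadata.component.purl` from each `build/reports/bom.json`, and reports any purl declared by more than one BOM. The `com.example` purls, the sample tree and the function names are constructed for illustration.

```python
import json
import tempfile
from collections import defaultdict
from pathlib import Path


def find_purl_collisions(root):
    """Return {purl: [relative BOM paths]} for purls declared by more than one BOM."""
    seen = defaultdict(list)
    # rglob also matches the root project's own build/reports/bom.json
    for bom_path in sorted(Path(root).rglob("build/reports/bom.json")):
        bom = json.loads(bom_path.read_text(encoding="utf-8"))
        # The BOM's subject is described by metadata.component in CycloneDX JSON
        component = bom.get("metadata", {}).get("component") or {}
        purl = component.get("purl")
        if purl:
            seen[purl].append(bom_path.relative_to(root))
    return {purl: paths for purl, paths in seen.items() if len(paths) > 1}


def write_sample_tree(root, purls):
    """Constructed sample data: one minimal BOM per project directory ('.' is the root)."""
    for project_dir, purl in purls.items():
        report_dir = Path(root) / project_dir / "build" / "reports"
        report_dir.mkdir(parents=True)
        bom = {
            "bomFormat": "CycloneDX",
            "specVersion": "1.4",
            "metadata": {"component": {"type": "library", "purl": purl}},
        }
        (report_dir / "bom.json").write_text(json.dumps(bom), encoding="utf-8")


if __name__ == "__main__":
    shared = "pkg:maven/com.example/root-app@1.0.0"  # constructed placeholder purl
    with tempfile.TemporaryDirectory() as tmp:
        # Reproduces the reported symptom: every BOM carries the root project's identity
        write_sample_tree(tmp, {".": shared, "project1": shared, "project2": shared})
        collisions = find_purl_collisions(Path(tmp))
        for purl, paths in collisions.items():
            print(f"{purl} is declared by {len(paths)} BOMs:")
            for path in paths:
                print(f"  {path}")
        raise SystemExit(1 if collisions else 0)
```

A non-zero exit fails the pipeline step, so indistinguishable BOMs are caught before they are uploaded to a tracking system that keys components by purl.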
@stevespringett I have a fix for this in a fork. What's the process for getting eyes on this issue and then hopefully getting this into released code?
Fantastic @officerNordberg. Please submit a pull request and ideally a unit test for the changes.
nudge