cyclonedx-gradle-plugin icon indicating copy to clipboard operation
cyclonedx-gradle-plugin copied to clipboard

Published 20 hours ago verified publisher icon CycloneDX

"Unable to resolve POM" for jars in flatDir repo

Open TheoLassonder opened this issue 1 year ago • 6 comments

We have some jars that can't be referenced from Maven but are instead in a flatDir repo:

plugins {
    id 'org.cyclonedx.bom' version '1.7.4'
}

cyclonedxBom {
    outputFormat = "json"
}

repositories {
    google()
    mavenCentral()
    flatDir { dirs "$rootProject.projectDir/libs" }
}

dependencies {
    implementation 'oracle:ojdbc11:19c' // Resolves to flatDir repo
}

But this errors when running the cyclonedx task:

$ ./gradlew cyclonedx

> Task :cyclonedxBom
An unexpected issue occurred attempting to create a PackageURL for :myproject:unspecified
Unable to resolve POM for oracle:ojdbc11:19c: org.gradle.api.internal.artifacts.ivyservice.DefaultLenientConfiguration$ArtifactResolveException: Could not resolve all files for configuration ':detachedConfiguration179'.

I'd expect an SBOM to still be created. For example cdxgen does create an SBOM for this project with no error.

Is there any way to make this work?

TheoLassonder avatar Jun 09 '23 01:06 TheoLassonder