cyclonedx-gradle-plugin Dependencies Missing in Report when Using cyclonedx-gradle-plugin in Multi-Module Android Project

Dependencies Missing in Report when Using cyclonedx-gradle-plugin in Multi-Module Android Project

Open aeroxr1 opened this issue 5 months ago • 3 comments

I’m having issues using the cyclonedx-gradle-plugin in a multi-module project.

I am using the init.gradle script taken from the plugin’s GitHub page.

In addition, I’ve included skipConfigs as suggested in this issue:

When I run the following command:

.\gradlew --init-script .\init.gradle cyclonedxBom --info the reports are generated, but none of the dependencies are listed. For instance, Jackson doesn’t appear.

Why is this happening?

I’ve also created a sample project that replicates the issue. On the main branch, you’ll find the source with version catalogs, while the without_version_catalog branch contains the version with the versioning as-is. You can find the project here:

testAndroidSbom

Sep 10 '24 14:09 aeroxr1

cyclonedx-gradle-plugin cyclonedx-gradle-plugin copied to clipboard

Dependencies Missing in Report when Using cyclonedx-gradle-plugin in Multi-Module Android Project

cyclonedx-gradle-plugin
cyclonedx-gradle-plugin copied to clipboard