dependency-check-gradle
Do not use "new File(...)"
In the AbstractAnalyze class you use new File(...) for the output directory.
This is sub-optimal, because for a relative path, this method constructs a file relative to the user's work directory, which means the class behaves differently depending on where the build was started from.
You should use project.file(...) (or depending on your minimum Gradle version project.layout....) to get a path relative to the project directory instead, so that it always behaves properly, no matter where the build was started from.
@jeremylong this is also an issue when configuring a suppression file; the configured value for 'suppressionFile' is passed to new File(...) which works for me on Oracle's JDK but fails on OpenJDK which happens to use a different working directory.
Sorry this took me so long to get to: https://github.com/dependency-check/dependency-check-gradle/pull/287
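The behaviour discussed in this thread, as an added example that is not part of the issue or of the plugin's code: a relative path given to new File(...) is resolved against the JVM's working directory, while resolving it against an explicit project directory gives the same file wherever the build was started. The helper `resolveAgainst` is a hypothetical stand-in for what project.file(...) does inside Gradle, and the directory and file names are constructed sample values.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class RelativePathDemo {

    // Hypothetical helper: resolve a configured path against an explicit base
    // directory (the project directory), leaving absolute paths untouched.
    static File resolveAgainst(File baseDir, String configured) {
        Path p = Paths.get(configured);
        return p.isAbsolute()
                ? p.normalize().toFile()
                : baseDir.toPath().resolve(p).normalize().toFile();
    }

    public static void main(String[] args) throws IOException {
        // Constructed project layout: <tmp>/demo-project/config/suppressions.xml
        Path projectDir = Files.createTempDirectory("demo-project");
        Files.createDirectories(projectDir.resolve("config"));
        Files.write(projectDir.resolve("config/suppressions.xml"),
                "<suppressions/>".getBytes(StandardCharsets.UTF_8));

        String configured = "config/suppressions.xml"; // value as a user would configure it

        // Resolved against "user.dir", so the result depends on where the JVM started.
        File cwdRelative = new File(configured);
        System.out.println("user.dir         = " + System.getProperty("user.dir"));
        System.out.println("new File(...)    = " + cwdRelative.getAbsolutePath()
                + " (exists: " + cwdRelative.isFile() + ")");

        // Resolved against the project directory: independent of the working directory.
        File projectRelative = resolveAgainst(projectDir.toFile(), configured);
        System.out.println("project-relative = " + projectRelative.getPath()
                + " (exists: " + projectRelative.isFile() + ")");

        // Check before use: report the fully resolved path when the file is missing,
        // so a wrong base directory is visible instead of silently ignored.
        if (!projectRelative.isFile()) {
            throw new IOException("suppression file not found: " + projectRelative);
        }
    }
}
```

Run it from two different directories: the `new File(...)` line changes with the working directory, while the project-relative line stays the same.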