dependency-check-gradle

Do not use "new File(...)"

Open Vampire opened this issue 4 years ago • 1 comments

In the AbstractAnalyze class you use new File(...) for the output directory. This is sub-optimal, because for a relative path, this method constructs a file relative to the user's working directory, which means the class behaves differently depending on where the build was started from. You should use project.file(...) (or depending on your minimum Gradle version project.layout....) to get a path relative to the project directory instead, so that it always behaves properly, no matter where the build was started from.

Vampire, Jan 10 '20 15:01

@jeremylong this is also an issue when configuring a suppression file; the configured value for 'suppressionFile' is passed to new File(...) which works for me on Oracle's JDK but fails on OpenJDK which happens to use a different working directory.

banderous, Feb 14 '22 10:02
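The difference described in the two comments above, as an added example that is not part of the original thread or the plugin's code: a build-script task that resolves one relative path through new File(...), project.file(...) and the layout API, and warns when the results disagree. The task name showPathResolution and the path config/suppressions.xml are assumptions made for the illustration.

```groovy
// build.gradle -- constructed example, not code from dependency-check-gradle.
// Task name and path are hypothetical.
def configured = 'config/suppressions.xml'   // relative path as a user would configure it

tasks.register('showPathResolution') {
    // Resolved at configuration time against the project directory.
    File viaProject = project.file(configured)
    // The same anchor through the layout API.
    File viaLayout = project.layout.projectDirectory.file(configured).asFile

    doLast {
        // java.io.File resolves a relative path against the JVM's
        // working directory (the user.dir system property).
        File viaNewFile = new File(configured).absoluteFile

        println "user.dir          : ${System.getProperty('user.dir')}"
        println "new File(...)     : ${viaNewFile} (exists: ${viaNewFile.exists()})"
        println "project.file(...) : ${viaProject} (exists: ${viaProject.exists()})"
        println "layout API        : ${viaLayout} (exists: ${viaLayout.exists()})"

        if (viaNewFile != viaProject) {
            // The two lookups point at different files, so a suppression
            // file or report directory configured with a relative path
            // would be read from or written to the wrong location.
            logger.warn("Relative path '${configured}' resolves differently: " +
                        "${viaNewFile} vs ${viaProject}")
        }
    }
}
```

Running the task once from the project directory and once from another directory (for example with `gradle -p <project-dir> showPathResolution`) lets you compare what each lookup resolves to.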

Sorry this took me so long to get to: https://github.com/dependency-check/dependency-check-gradle/pull/287

jeremylong, Nov 04 '22 09:11