fossa-cli icon indicating copy to clipboard operation
fossa-cli copied to clipboard

Published 20 hours ago verified publisher icon fossas

Consider gradle configurations for testFixtures as test dependencies

Open daniel-kr opened this issue 2 years ago • 3 comments

Hi,

by default, fossa excludes test dependencies which is great. For gradle builds, this is determined by a list of configurations that are considered as test dependencies. As far as I can see, this is specified in the https://github.com/fossas/fossa-cli/blob/master/src/Strategy/Gradle/Common.hs.

We are using the test fixture mechanism of Gradle in order to provide some API for test execution to other gradle modules.

Currently, fossa considers them as prod dependencies although they are test dependencies as well.

Would it be possible to add the gradle configurations testFixturesApi and testFixturesImplementation to the list of test configurations as well?

Kind Regards, Daniel

daniel-kr avatar Apr 28 '22 07:04 daniel-kr

Can you try again with v3.2.14? https://github.com/fossas/fossa-cli/releases/tag/v3.2.14

meghfossa avatar Apr 29 '22 22:04 meghfossa

Wow, that was quick. Thank you! Unfortunately, it somehow does not work for me. 🤔 I have specified testFixturesApi 'com.tngtech.archunit:archunit-junit4:0.14.1' in my build.gradle but it is still reported as a dependency in FOSSA. When I change it to testImplementation, it is not reported as a dependency. According to the output of the cli tool, I am using version 3.2.14

Scan Summary
[ INFO] ------------
[ INFO] fossa-cli version 3.2.14 (revision 693e703343c3 compiled with ghc-9.0)

daniel-kr avatar May 02 '22 08:05 daniel-kr

Interesting, can you provide an output of ./gradlew dependencies?

meghfossa avatar May 02 '22 14:05 meghfossa