[Gradle] Relationship between sub-projects missing. #249
Comments
@ajmalab, I will think about a better identification logic for dependencies.
I'm seeing this as well. The Maven plugin captures this, but cdxgen does not.
@kito99, any sample projects you could share?
Hey @prabhu unfortunately no, but if it becomes an issue on the project I can create one. Right now I don't think it'll be much of a problem.
@kito99, even a public open-source one will tremendously help to fix this.
Ok, I’ll see what I can do.
Not mine, but I think this project covers the case: https://github.com/t2y/gradle-multi-project-sample/
I just tried this out quickly and couldn't get it to build. I'm guessing my version of Gradle is too new. I can try again later, though.
Thank you for sharing this project. I had to make a few changes to make it build with the latest Java and Gradle.
@kito99, in your first comment did you mean the "gradle" plugin, or does the same issue exist in cdxgen with Maven projects as well?
@prabhu I meant that the Maven plugin does not have this issue. The Maven plugin works extremely well (with and without cdxgen). I stopped trying to use the Gradle plugin because it doesn't handle multi-module projects well at all, which is what led me to cdxgen.
@kito99 I pushed some improvements for Gradle recently. Will continue to iterate and let you know once this is done.
Hi,
If a project has 3 child projects A, B and C, and if B and C depend on A, this relationship is never captured, since the entire project is treated as a single entity and the external dependencies are the only ones that are captured.
Would be ideal if there was sub-project-level granularity in the SBOM. Like:
```
subProjectA:
  dependsOn: [...]
subProjectB:
  dependsOn: [subProjectA, ..]
subProjectC:
  dependsOn: [subProjectA, ..]
```
and so on
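
A check for the gap described in this issue, as an added example that is not part of the original issue or of cdxgen's code: it reads the `dependencies` section of a CycloneDX JSON BOM and reports expected sub-project edges that are absent. The sample BOM, its purls, the `com.example` group and the `EXPECTED` map are constructed for illustration.

```python
import json

# Constructed sample BOM for the A/B/C layout in the issue (purls are made up).
# The edge subProjectC -> subProjectA is deliberately left out.
BOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"bom-ref": "pkg:maven/com.example/subProjectA@1.0", "name": "subProjectA"},
    {"bom-ref": "pkg:maven/com.example/subProjectB@1.0", "name": "subProjectB"},
    {"bom-ref": "pkg:maven/com.example/subProjectC@1.0", "name": "subProjectC"},
    {"bom-ref": "pkg:maven/org.slf4j/slf4j-api@1.7.36", "name": "slf4j-api"}
  ],
  "dependencies": [
    {"ref": "pkg:maven/com.example/subProjectA@1.0",
     "dependsOn": ["pkg:maven/org.slf4j/slf4j-api@1.7.36"]},
    {"ref": "pkg:maven/com.example/subProjectB@1.0",
     "dependsOn": ["pkg:maven/com.example/subProjectA@1.0"]},
    {"ref": "pkg:maven/com.example/subProjectC@1.0",
     "dependsOn": ["pkg:maven/org.slf4j/slf4j-api@1.7.36"]}
  ]
}
"""

# Hypothetical expectation, taken from the build's own project(...) declarations.
EXPECTED = {"subProjectB": ["subProjectA"], "subProjectC": ["subProjectA"]}

def dependency_edges(bom):
    """Map each component name to the set of names listed in its dependsOn."""
    names = {c["bom-ref"]: c["name"] for c in bom.get("components", [])}
    edges = {}
    for dep in bom.get("dependencies", []):
        src = names.get(dep["ref"], dep["ref"])  # fall back to the raw ref
        targets = (names.get(r, r) for r in dep.get("dependsOn", []))
        edges.setdefault(src, set()).update(targets)
    return edges

def missing_edges(bom, expected):
    """Return sorted (source, target) pairs expected but absent from the BOM."""
    edges = dependency_edges(bom)
    return sorted((s, t) for s, ts in expected.items()
                  for t in ts if t not in edges.get(s, set()))

def check_sample():
    return missing_edges(json.loads(BOM_JSON), EXPECTED)

if __name__ == "__main__":
    for src, dst in check_sample():
        print(f"missing sub-project edge: {src} -> {dst}")
```

A missing edge matters when triaging a vulnerable dependency: without it, the BOM cannot show that a finding in one sub-project also reaches the sub-projects built on top of it.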