CycloneDX / cyclonedx-gradle-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
https://cyclonedx.org/
Apache License 2.0
160 stars 76 forks

Bill of materials (BOM) files (.pom files that use <dependencyManagement>) not supported #235

Open EdwardvanRaak opened 1 year ago

EdwardvanRaak commented 1 year ago

One of our dependencies uses a Firebase BOM which results in the following problems during creation of the SBOM.

Gradle:

  api platform('com.google.firebase:firebase-bom:25.4.1')
  api 'com.google.firebase:firebase-analytics'
  api 'com.google.firebase:firebase-config'

Error:

org.apache.maven.model.building.ModelBuildingException: 2 problems were encountered while building the effective model for <ommited>
Error:  'dependencies.dependency.version' for com.google.firebase:firebase-analytics-ktx:jar is missing. @ 
Error:  'dependencies.dependency.version' for com.google.firebase:firebase-config-ktx:jar is missing. @

https://firebase.google.com/docs/android/learn-more#bom

nipanwar77 commented 4 weeks ago

We are also facing the same issue. Is there any timeline for the fix delivery?