search

CycloneDX / cyclonedx-gradle-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
https://cyclonedx.org/
Apache License 2.0
155 stars 73 forks source link

Automatically skip unsupported configurations for Android projects #478

Open skhokhlov opened 1 month ago

skhokhlov commented 1 month ago

We have tons of issues related to running this plugin with Android projects.

For most of them the solution is to skip some configurations which cannot be handled by the plugin for some reason.

Sample error log:

marckto@M412K93C97 test1 % gradle cyclonedx
Starting a Gradle Daemon (subsequent builds will be faster)

> Task :cyclonedxBom
An unexpected issue occurred attempting to create a PackageURL for :My Application:unspecified
An unexpected issue occurred attempting to create a PackageURL for :My Application:unspecified
An unexpected issue occurred attempting to create a PackageURL for :My Application:unspecified
An unexpected issue occurred attempting to create a PackageURL for :My Application:unspecified

> Task :cyclonedxBom FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':cyclonedxBom'.
> The consumer was configured to find an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.3.1', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm'. However we cannot choose between the following variants of project :app:
    - Configuration ':app:debugApiElements' variant android-base-module-metadata declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.3.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-base-module-metadata' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':app:debugApiElements' variant android-feature-all-metadata declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.3.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-feature-all-metadata' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':app:debugApiElements' variant android-feature-res-ap_ declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.3.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-feature-res-ap_' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':app:debugApiElements' variant android-feature-signing-config-data declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.3.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-feature-signing-config-data' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':app:debugApiElements' variant android-feature-signing-config-versions declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.3.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-feature-signing-config-versions' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':app:debugApiElements' variant android-java-res declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.3.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-java-res' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':app:debugApiElements' variant android-manifest-metadata declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.3.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-manifest-metadata' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 7s
1 actionable task: 1 executed

Sample workaround:

cyclonedxBom {
        // skipConfigs is a list of configuration names to exclude when generating the BOM
        skipConfigs = [
            "debugCompileClasspath",
            "debugAndroidTestCompileClasspath",
            "debugUnitTestCompileClasspath",
            "debugUnitTestRuntimeClasspath",
            "debugApiElements",
            "debugRuntimeElements",

            "alphaReleaseApiElements",
            "alphaReleaseAndroidTestCompileClasspath",
            "alphaReleaseUnitTestCompileClasspath",
            "alphaReleaseUnitTestRuntimeClasspath",
            "alphaReleaseApiElements",
            "alphaReleaseRuntimeElements",

            "fdroidDebugApiElements",
            "fdroidDebugAndroidTestCompileClasspath",
            "fdroidDebugUnitTestCompileClasspath",
            "fdroidDebugUnitTestRuntimeClasspath",
            "fdroidDebugApiElements",
            "fdroidDebugRuntimeElements",

            "fdroidReleaseApiElements",
            "fdroidReleaseAndroidTestCompileClasspath",
            "fdroidReleaseUnitTestCompileClasspath",
            "fdroidReleaseUnitTestRuntimeClasspath",
            "fdroidReleaseApiElements",
            "fdroidReleaseRuntimeElements",

            "devDebugApiElements",
            "devDebugAndroidTestCompileClasspath",
            "devDebugUnitTestCompileClasspath",
            "devDebugUnitTestRuntimeClasspath",
            "devDebugApiElements",
            "devDebugRuntimeElements",

            "prodDebugApiElements",
            "prodDebugAndroidTestCompileClasspath",
            "prodDebugUnitTestCompileClasspath",
            "prodDebugUnitTestRuntimeClasspath",
            "prodDebugApiElements",
            "prodDebugRuntimeElements",

            "betaReleaseApiElements",
            "betaReleaseAndroidTestCompileClasspath",
            "betaReleaseUnitTestCompileClasspath",
            "betaReleaseUnitTestRuntimeClasspath",
            "betaReleaseApiElements",
            "betaReleaseRuntimeElements",

            "prodReleaseApiElements",
            "prodReleaseAndroidTestCompileClasspath",
            "prodReleaseUnitTestCompileClasspath",
            "prodReleaseUnitTestRuntimeClasspath",
            "prodReleaseApiElements",
            "prodReleaseRuntimeElements",

            "customReleaseApiElements",
            "customReleaseAndroidTestCompileClasspath",
            "customReleaseUnitTestCompileClasspath",
            "customReleaseUnitTestRuntimeClasspath",
            "customReleaseApiElements",
            "customReleaseRuntimeElements",

            "devReleaseApiElements",
            "devReleaseAndroidTestCompileClasspath",
            "devReleaseUnitTestCompileClasspath",
            "devReleaseUnitTestRuntimeClasspath",
            "devReleaseApiElements",
            "devReleaseRuntimeElements",

            "betaDebugApiElements",
            "betaDebugAndroidTestCompileClasspath",
            "betaDebugUnitTestCompileClasspath",
            "betaDebugUnitTestRuntimeClasspath",
            "betaDebugApiElements",
            "betaDebugRuntimeElements",

            "customDebugApiElements",
            "customDebugAndroidTestCompileClasspath",
            "customDebugUnitTestCompileClasspath",
            "customDebugUnitTestRuntimeClasspath",
            "customDebugApiElements",
            "customDebugRuntimeElements",

            "alphaDebugApiElements",
            "alphaDebugAndroidTestCompileClasspath",
            "alphaDebugUnitTestCompileClasspath",
            "alphaDebugUnitTestRuntimeClasspath",
            "alphaDebugApiElements",
            "alphaDebugRuntimeElements",

            "releaseUnitTestCompileClasspath",
            "releaseUnitTestRuntimeClasspath",
            "releaseApiElements",
            "releaseRuntimeElements",
        ]
    }
slowcar commented 1 month ago

I had to exclude the following, some of them are not in the list above: skipConfigs = ["debugCompileClasspath", "debugAndroidTestCompileClasspath", "debugUnitTestCompileClasspath", "releaseUnitTestCompileClasspath", "debugUnitTestRuntimeClasspath", "releaseUnitTestRuntimeClasspath", "testReleaseDependencySources", "androidTestDependencySources", "debugUnitTestDependencySources", "testDebugDependencySources", "debugAndroidTestDependencySources", "androidTestDebugDependencySources", "releaseUnitTestDependencySources", "releaseDependencySources", "debugDependencySources"]

Azulath commented 1 month ago

Edit: I got it working by configuration: "default" to every implementation project(...) call.

I cannot seem to get this running with the workaround for the project I am working on.


> Task :app:cyclonedxBom FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':app:cyclonedxBom'.
> The consumer was configured to find a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'com.android.build.api.attributes.ProductFlavor:stage' with value 'acceptance', attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm'. However we cannot choose between the following variants of project :app-testing:
    - Configuration ':app-testing:debugRuntimeElements' variant android-aar-metadata declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-aar-metadata' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-art-profile declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-art-profile' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app:debugRuntimeElements' variant android-assets declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-assets' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-classes-directory-Aorg.gradle.libraryelements=classes declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-classes-directory' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides its elements preferably in the form of class files but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-classes-jar declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-classes-jar' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides its elements packaged as a jar but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-compiled-dependencies-resources declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-compiled-dependencies-resources' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-consumer-proguard-rules declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-consumer-proguard-rules' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-java-res declares a library for use during runtime, preferably optimized for Android, as well as attribute'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-java-res' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-jni declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-jni' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-lint declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-lint' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides its elements packaged as a jar but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-lint-local-aar declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-lint-local-aar' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-manifest declares a library for use during runtime, preferably optimized for Android, as well as attribute'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-manifest' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-navigation-json declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-navigation-json' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-public-res declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-public-res' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-res declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-res' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-symbol declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-symbol' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant android-symbol-with-package-name declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-symbol-with-package-name' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant jar declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'jar' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides its elements packaged as a jar but the consumer didn't ask for it
    - Configuration ':app-testing:debugRuntimeElements' variant supported-locale-list declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'supported-locale-list' but the consumer didn't ask for it
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
  The following variants were also considered but didn't match the requested attributes:
    - Configuration ':app-testing:debugRuntimeElements' variant android-instrumentation-test-lint-model-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-instrumentation-test-lint-model declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Incompatible because this component declares a component of category 'verification' and the consumer needed a library
        - Other compatible attribute:
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
    - Configuration ':app-testing:debugRuntimeElements' variant android-instrumentation-test-lint-partial-results-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-instrumentation-test-lint-partial-results declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Incompatible because this component declares a component of category 'verification' and the consumer needed a library
        - Other compatible attribute:
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
    - Configuration ':app-testing:debugRuntimeElements' variant android-lint-model-metadata-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-lint-model-metadata declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Incompatible because this component declares a component of category 'verification' and the consumer needed a library
        - Other compatible attribute:
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
    - Configuration ':app-testing:debugRuntimeElements' variant android-lint-variant-dependencies-model-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-lint-variant-dependencies-model declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Incompatible because this component declares a component of category 'verification' and the consumer needed a library
        - Other compatible attribute:
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
    - Configuration ':app-testing:debugRuntimeElements' variant android-lint-variant-dependencies-partial-results-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-lint-variant-dependencies-partial-results declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Incompatible because this component declares a component of category 'verification' and the consumer needed a library
        - Other compatible attribute:
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
    - Configuration ':app-testing:debugRuntimeElements' variant android-lint-vital-lint-variant-dependencies-model-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-lint-vital-lint-variant-dependencies-model declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Incompatible because this component declares a component of category 'verification' and the consumer needed a library
        - Other compatible attribute:
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
    - Configuration ':app-testing:debugRuntimeElements' variant android-lint-vital-variant-dependencies-partial-results-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-lint-vital-variant-dependencies-partial-results declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Incompatible because this component declares a component of category 'verification' and the consumer needed a library
        - Other compatible attribute:
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
    - Configuration ':app-testing:debugRuntimeElements' variant android-unit-test-lint-model-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-unit-test-lint-model declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Incompatible because this component declares a component of category 'verification' and the consumer needed a library
        - Other compatible attribute:
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')
    - Configuration ':app-testing:debugRuntimeElements' variant android-unit-test-lint-partial-results-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-unit-test-lint-partial-results declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.3.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Incompatible because this component declares a component of category 'verification' and the consumer needed a library
        - Other compatible attribute:
            - Doesn't say anything about com.android.build.api.attributes.ProductFlavor:stage (required 'acceptance')

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
> Get more help at https://help.gradle.org.

Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

For more on this, please refer to https://docs.gradle.org/8.4/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation.

BUILD FAILED in 12s
3 actionable tasks: 1 executed, 2 up-to-date

This would be my cycloneDx configuration:

project(":app") {
  apply plugin:org.cyclonedx.gradle.CycloneDxPlugin
  cyclonedxBom {
    skipConfigs = [
      "debugApiElements",
      "releaseApiElements",
      "debugRuntimeElements",
      "releaseRuntimeElements",
      "debugCompileClasspath",
      "debugAndroidTestCompileClasspath",
      "debugUnitTestCompileClasspath",
      "releaseUnitTestCompileClasspath",
      "debugUnitTestRuntimeClasspath",
      "releaseUnitTestRuntimeClasspath",

      "app-testing:debugApiElements",
      "app-testing:releaseApiElements",
      "app-testing:debugRuntimeElements",
      ":app-testing:debugRuntimeElements",
      ":app-testing:debugApiElements",
      ":app-testing:",
      ":app-testing"
    ]
  }
}

It seems to be ignoring skipConfigs somehow since app-testing:debugRuntimeElements which is definitely included. Furthermore, I am almost certain there should not be a difference between app-testing:debugRuntimeElements and :app-testing:debugRuntimeElements, but after spending some time on this issue I just started copying the ones which were causing an error.

Additionally, it should be mentioned that at first I was using allprojects instead of project(":app") but this does not seem to make a difference.

Additionally, I tried to add my projects manually and add skipConfigs like so:

cyclonedxBom {
    projectType = "application"
    destination = file("build/reports")
    outputName = "bom"
    outputFormat = "json"
    includeConfigs = [
      "developmentDebug",
      "developmentDebugCompileClasspath",
      "developmentDebugRuntimeClasspath",
    ]
    skipConfigs = [

      "debugAndroidTestCompileClasspath",
      "debugApiElements",
      "debugCompileClasspath",
      "debugRuntimeElements",
      "debugtUnitTestCompileClasspath",
      "debugUnitTestRuntimeClasspath",

      "developmentAndroidTestCompileClasspath",
      "developmentApiElements",
      "developmentCompileClasspath",
      "developmentRuntimeElements",
      "developmentUnitTestCompileClasspath",
      "developmentUnitTestRuntimeClasspath",

      "developmentDebugAndroidTestCompileClasspath",
      "developmentDebugApiElements",
      "developmentDebugCompileClasspath",
      "developmentDebugRuntimeElements",
      "developmentDebugUnitTestCompileClasspath",
      "developmentDebugUnitTestRuntimeClasspath",

      "debugCompileClasspath",
      "debugAndroidTestCompileClasspath",
      "debugUnitTestCompileClasspath",
      "debugUnitTestRuntimeClasspath",
      "debugApiElements",
      "debugRuntimeElements",

      "alphaReleaseApiElements",
      "alphaReleaseAndroidTestCompileClasspath",
      "alphaReleaseUnitTestCompileClasspath",
      "alphaReleaseUnitTestRuntimeClasspath",
      "alphaReleaseApiElements",
      "alphaReleaseRuntimeElements",

      "fdroidDebugApiElements",
      "fdroidDebugAndroidTestCompileClasspath",
      "fdroidDebugUnitTestCompileClasspath",
      "fdroidDebugUnitTestRuntimeClasspath",
      "fdroidDebugApiElements",
      "fdroidDebugRuntimeElements",

      "fdroidReleaseApiElements",
      "fdroidReleaseAndroidTestCompileClasspath",
      "fdroidReleaseUnitTestCompileClasspath",
      "fdroidReleaseUnitTestRuntimeClasspath",
      "fdroidReleaseApiElements",
      "fdroidReleaseRuntimeElements",

      "devDebugApiElements",
      "devDebugAndroidTestCompileClasspath",
      "devDebugUnitTestCompileClasspath",
      "devDebugUnitTestRuntimeClasspath",
      "devDebugApiElements",
      "devDebugRuntimeElements",

      "prodDebugApiElements",
      "prodDebugAndroidTestCompileClasspath",
      "prodDebugUnitTestCompileClasspath",
      "prodDebugUnitTestRuntimeClasspath",
      "prodDebugApiElements",
      "prodDebugRuntimeElements",

      "betaReleaseApiElements",
      "betaReleaseAndroidTestCompileClasspath",
      "betaReleaseUnitTestCompileClasspath",
      "betaReleaseUnitTestRuntimeClasspath",
      "betaReleaseApiElements",
      "betaReleaseRuntimeElements",

      "prodReleaseApiElements",
      "prodReleaseAndroidTestCompileClasspath",
      "prodReleaseUnitTestCompileClasspath",
      "prodReleaseUnitTestRuntimeClasspath",
      "prodReleaseApiElements",
      "prodReleaseRuntimeElements",

      "customReleaseApiElements",
      "customReleaseAndroidTestCompileClasspath",
      "customReleaseUnitTestCompileClasspath",
      "customReleaseUnitTestRuntimeClasspath",
      "customReleaseApiElements",
      "customReleaseRuntimeElements",

      "devReleaseApiElements",
      "devReleaseAndroidTestCompileClasspath",
      "devReleaseUnitTestCompileClasspath",
      "devReleaseUnitTestRuntimeClasspath",
      "devReleaseApiElements",
      "devReleaseRuntimeElements",

      "betaDebugApiElements",
      "betaDebugAndroidTestCompileClasspath",
      "betaDebugUnitTestCompileClasspath",
      "betaDebugUnitTestRuntimeClasspath",
      "betaDebugApiElements",
      "betaDebugRuntimeElements",

      "customDebugApiElements",
      "customDebugAndroidTestCompileClasspath",
      "customDebugUnitTestCompileClasspath",
      "customDebugUnitTestRuntimeClasspath",
      "customDebugApiElements",
      "customDebugRuntimeElements",

      "alphaDebugApiElements",
      "alphaDebugAndroidTestCompileClasspath",
      "alphaDebugUnitTestCompileClasspath",
      "alphaDebugUnitTestRuntimeClasspath",
      "alphaDebugApiElements",
      "alphaDebugRuntimeElements",

      "releaseUnitTestCompileClasspath",
      "releaseUnitTestRuntimeClasspath",
      "releaseApiElements",
      "releaseRuntimeElements",
      "debugApiElements",
      "releaseApiElements",
      "debugRuntimeElements",
      "releaseRuntimeElements",
      "debugCompileClasspath",
      "debugAndroidTestCompileClasspath",
      "debugUnitTestCompileClasspath",
      "releaseUnitTestCompileClasspath",
      "debugUnitTestRuntimeClasspath",
      "releaseUnitTestRuntimeClasspath",
      "releaseSourcesElements",
      "debugSourcesElements"
      ]
    skipProjects = [
      "app-testing"
    ]
    }
}

But the error remains. If I comment out developmentDebugCompileClasspath in includeConfigs it works again, but the generated SBOM does not contain all expected dependencies.

aeroxr1 commented 2 weeks ago

Hi,

I have an Android multi-module project.

I'm using plugin version 1.8.2 because my project is still on Gradle 7.6.

I applied the skipConfigs settings you suggested in your post, but the error persists:

* What went wrong:
Execution failed for task ':myproject:cyclonedxBom'.
> Could not resolve all dependencies for configuration ':myproject:comprojectnameGoogleReleaseApiDependenciesMetadata'.
   > Could not resolve project :myprojectclientconfiguration.
     Required by:
         project :myproject
      > The consumer was configured to find a usage of 'kotlin-metadata' of a library, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'common'. However we cannot choose between the following variants of project :myprojectclientconfiguration:
          - debugApiElements
          - releaseApiElements

this is my init.gradle script:

initscript {
  repositories {
    maven {
      url "https://plugins.gradle.org/m2/"
    }
  }
  dependencies {
    classpath "org.cyclonedx:cyclonedx-gradle-plugin:1.8.2"
  }
}

allprojects{
  apply plugin:org.cyclonedx.gradle.CycloneDxPlugin

cyclonedxBom {
    // includeConfigs is the list of configuration names to include when generating the BOM (leave empty to include every configuration), regex is supported
    //includeConfigs = ["compileClasspath", "releaseRuntimeClasspath"] 
    //skipConfigs = ["compileClasspath", "testCompileClasspath"]
    // skipProjects is a list of project names to exclude when generating the BOM
    //skipProjects = [rootProject.name, "yourTestSubProject"]
    // Specified the type of project being built. Defaults to 'library'
     skipConfigs = [
            "debugCompileClasspath",
            "debugAndroidTestCompileClasspath",
            "debugUnitTestCompileClasspath",
            "debugUnitTestRuntimeClasspath",
            "debugApiElements",
            "debugRuntimeElements",

            "alphaReleaseApiElements",
            "alphaReleaseAndroidTestCompileClasspath",
            "alphaReleaseUnitTestCompileClasspath",
            "alphaReleaseUnitTestRuntimeClasspath",
            "alphaReleaseApiElements",
            "alphaReleaseRuntimeElements",

            "fdroidDebugApiElements",
            "fdroidDebugAndroidTestCompileClasspath",
            "fdroidDebugUnitTestCompileClasspath",
            "fdroidDebugUnitTestRuntimeClasspath",
            "fdroidDebugApiElements",
            "fdroidDebugRuntimeElements",

            "fdroidReleaseApiElements",
            "fdroidReleaseAndroidTestCompileClasspath",
            "fdroidReleaseUnitTestCompileClasspath",
            "fdroidReleaseUnitTestRuntimeClasspath",
            "fdroidReleaseApiElements",
            "fdroidReleaseRuntimeElements",

            "devDebugApiElements",
            "devDebugAndroidTestCompileClasspath",
            "devDebugUnitTestCompileClasspath",
            "devDebugUnitTestRuntimeClasspath",
            "devDebugApiElements",
            "devDebugRuntimeElements",

            "prodDebugApiElements",
            "prodDebugAndroidTestCompileClasspath",
            "prodDebugUnitTestCompileClasspath",
            "prodDebugUnitTestRuntimeClasspath",
            "prodDebugApiElements",
            "prodDebugRuntimeElements",

            "betaReleaseApiElements",
            "betaReleaseAndroidTestCompileClasspath",
            "betaReleaseUnitTestCompileClasspath",
            "betaReleaseUnitTestRuntimeClasspath",
            "betaReleaseApiElements",
            "betaReleaseRuntimeElements",

            "prodReleaseApiElements",
            "prodReleaseAndroidTestCompileClasspath",
            "prodReleaseUnitTestCompileClasspath",
            "prodReleaseUnitTestRuntimeClasspath",
            "prodReleaseApiElements",
            "prodReleaseRuntimeElements",

            "customReleaseApiElements",
            "customReleaseAndroidTestCompileClasspath",
            "customReleaseUnitTestCompileClasspath",
            "customReleaseUnitTestRuntimeClasspath",
            "customReleaseApiElements",
            "customReleaseRuntimeElements",

            "devReleaseApiElements",
            "devReleaseAndroidTestCompileClasspath",
            "devReleaseUnitTestCompileClasspath",
            "devReleaseUnitTestRuntimeClasspath",
            "devReleaseApiElements",
            "devReleaseRuntimeElements",

            "betaDebugApiElements",
            "betaDebugAndroidTestCompileClasspath",
            "betaDebugUnitTestCompileClasspath",
            "betaDebugUnitTestRuntimeClasspath",
            "betaDebugApiElements",
            "betaDebugRuntimeElements",

            "customDebugApiElements",
            "customDebugAndroidTestCompileClasspath",
            "customDebugUnitTestCompileClasspath",
            "customDebugUnitTestRuntimeClasspath",
            "customDebugApiElements",
            "customDebugRuntimeElements",

            "alphaDebugApiElements",
            "alphaDebugAndroidTestCompileClasspath",
            "alphaDebugUnitTestCompileClasspath",
            "alphaDebugUnitTestRuntimeClasspath",
            "alphaDebugApiElements",
            "alphaDebugRuntimeElements",

            "releaseUnitTestCompileClasspath",
            "releaseUnitTestRuntimeClasspath",
            "releaseApiElements",
            "releaseRuntimeElements",

            "googleReleaseAndroidTestCompileClasspath",
            "googleReleaseUnitTestCompileClasspath",
            "googleReleaseUnitTestRuntimeClasspath",
            "googleReleaseApiElements",
            "googleReleaseRuntimeElements",

            "huaweiReleaseApiElements",
            "huaweiReleasendroidTestCompileClasspath",
            "huaweiReleaseUnitTestCompileClasspath",
            "huaweiReleaseUnitTestRuntimeClasspath",
            "huaweiReleaseApiElements",
            "huaweiReleaseRuntimeElements"

            "googleDebugApiElements",
            "googleDebugAndroidTestCompileClasspath",
            "googleDebugUnitTestCompileClasspath",
            "googleDebugUnitTestRuntimeClasspath",
            "googleDebugApiElements",
            "googleDebugRuntimeElements",

            "huaweiDebugApiElements",
            "huaweiDebugAndroidTestCompileClasspath",
            "huaweiDebugUnitTestCompileClasspath",
            "huaweiDebugUnitTestRuntimeClasspath",
            "huaweiDebugApiElements",
            "huaweiDebugRuntimeElements"
        ]

    projectType = "application"
    // Specified the version of the CycloneDX specification to use. Defaults to '1.5'
    schemaVersion = "1.5"
    // Boms destination directory. Defaults to 'build/reports'
    destination = file("build/reports")
    // The file name for the generated BOMs (before the file format suffix). Defaults to 'bom'
    outputName = "bom"
    // The file format generated, can be xml, json or all for generating both. Defaults to 'all'
    outputFormat = "json"
    // Exclude BOM Serial Number. Defaults to 'true'
    includeBomSerialNumber = false
    // Exclude License Text. Defaults to 'true'
    includeLicenseText = false
    // Override component version. Defaults to the project version
    //componentVersion = "2.0.0"

}
}

Do you have some suggestions ?