CycloneDX / cyclonedx-gradle-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
https://cyclonedx.org/
Apache License 2.0

Dependencies Missing in Report when Using cyclonedx-gradle-plugin in Multi-Module Android Project #509

Open aeroxr1 opened 1 month ago

aeroxr1 commented 1 month ago

I’m having issues using the cyclonedx-gradle-plugin in a multi-module project.

I am using the init.gradle script taken from the plugin’s GitHub page.

init.gradle

In addition, I’ve included skipConfigs as suggested in this issue:

Issue

When I run the following command:

.\gradlew --init-script .\init.gradle cyclonedxBom --info

the reports are generated, but none of the dependencies are listed. For instance, Jackson doesn’t appear.

Why is this happening?

I’ve also created a sample project that replicates the issue. On the main branch, you’ll find the source with version catalogs, while the without_version_catalog branch contains the version with the versioning as-is. You can find the project here:

testAndroidSbom
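
A check that can run after cyclonedxBom to catch the symptom reported above (a report is generated but lists no dependencies), as an added example that is not part of the original post or of the plugin. It reads a CycloneDX JSON BOM and flags an empty component list, missing expected group:name coordinates, and a root component with no dependency edges; the function names, sample BOMs and coordinates are constructed for illustration.

```python
import json
import sys

def iter_components(components):
    """Yield every component, including ones nested under another component."""
    for comp in components or []:
        yield comp
        yield from iter_components(comp.get("components"))

def check_bom(bom, expected=()):
    """Return a list of problems found in a CycloneDX JSON BOM (empty list = OK)."""
    problems = []
    comps = list(iter_components(bom.get("components")))
    if not comps:
        problems.append("BOM lists no components")
    # Match expected coordinates against "group:name" of each component.
    present = {f"{c.get('group', '')}:{c.get('name', '')}" for c in comps}
    for coord in expected:
        if coord not in present:
            problems.append(f"expected component missing: {coord}")
    # The project itself should have at least one edge in the dependency graph.
    root_ref = bom.get("metadata", {}).get("component", {}).get("bom-ref")
    edges = {d.get("ref"): d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    if root_ref and not edges.get(root_ref):
        problems.append(f"root component {root_ref} has no dependsOn entries")
    return problems

# Constructed sample BOMs (not taken from the reporter's project).
EMPTY_BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "pkg:maven/com.example/app@1.0", "name": "app"}},
    "components": [],
    "dependencies": [{"ref": "pkg:maven/com.example/app@1.0", "dependsOn": []}],
}
JACKSON = "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.0"
GOOD_BOM = {
    **EMPTY_BOM,
    "components": [{"group": "com.fasterxml.jackson.core", "name": "jackson-databind",
                    "version": "2.17.0", "purl": JACKSON, "bom-ref": JACKSON}],
    "dependencies": [{"ref": "pkg:maven/com.example/app@1.0", "dependsOn": [JACKSON]}],
}

if __name__ == "__main__":
    # Usage: python check_bom.py path/to/bom.json [group:name ...]
    with open(sys.argv[1], encoding="utf-8") as fh:
        found = check_bom(json.load(fh), sys.argv[2:])
    print("\n".join(found) or "BOM looks populated")
    sys.exit(1 if found else 0)
```

Run it once per module report, since each module in a multi-module build gets its own BOM; a non-zero exit code lets a CI step fail instead of publishing an empty SBOM.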

andreaschir commented 1 month ago

Same problem here.

riccardodini commented 1 month ago

I have the same problem. My project has multiple modules and multiple flavours also.