To achieve reproducible builds, it is necessary to lock versions of dependencies and transitive dependencies such that a build with the same inputs will always resolve the same module versions. This is called dependency locking.
Gradle supports an improved lock file format. The goal is to have only a single lock file per project, which contains the lock state for all configurations of said project. By default, the file is named gradle.lockfile and is located inside the project directory. The lock state for the buildscript itself is found in a file named buildscript-gradle.lockfile inside the project directory.
See: https://docs.gradle.org/current/userguide/dependency_resolution.html https://docs.gradle.org/6.4/userguide/dependency_locking.html
In Gradle 6.4 support for single lock file per project was added which will probably be the default mechanism in Gradle 7.0 https://docs.gradle.org/6.4/userguide/dependency_locking.html#single_lock_file_per_project