Open JLLeitschuh opened 3 years ago
Thanks for the information on the worker API. Not sure how quickly we can get to this. We do accept PRs...
What effort do you guys think it could be to start using worker API?
Honestly, the plugin itself isn't very big - most of the code is in ODC-core. If someone has time we accept PRs.
Describe the bug
The Gradle Plugin Author documentation states the following:
The DependencyCheck plugin pulls in quite a large dependency graph onto the build script classpath when applied.
Best practice is to move the logic of this plugin into a Gradle worker with an isolated/independent classpath. That way the dependencies for the core logic that this plugin provides are wholly isolated from other plugins applied to the build.
https://docs.gradle.org/current/userguide/worker_api.html
Using the worker API, the org.owasp:dependency-check-core dependency can be resolved on an isolated Gradle configuration. Thus, org.owasp:dependency-check-core and its dependents will exist on an independent classpath that won't cause conflicts with other plugins.
Version of dependency-check used
6.1.2
To Reproduce
Steps to reproduce the behavior:
./gradlew buildEnvironment
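The isolation requested in this issue, sketched as an added example (not code from the dependency-check-gradle plugin or from any participant in this thread): the core library is resolved on its own configuration and handed to a worker through classLoaderIsolation, so it does not need to be on the build script classpath. The names odcWorker, isolatedScan, IsolatedScanPlugin, IsolatedScanTask, ScanAction and ScanParameters are hypothetical, and org.owasp.dependencycheck.Engine is assumed to be a class shipped in dependency-check-core.

```groovy
import org.gradle.api.*
import org.gradle.api.file.*
import org.gradle.api.tasks.*
import org.gradle.workers.*
import javax.inject.Inject

interface ScanParameters extends WorkParameters {
    DirectoryProperty getReportDir()
}

// Runs inside the isolated classloader; only code here can see core classes.
abstract class ScanAction implements WorkAction<ScanParameters> {
    @Override
    void execute() {
        // Assumption: Engine is a core entry point. It is loaded by name so the
        // plugin itself carries no dependency on dependency-check-core.
        Class<?> engine = getClass().classLoader.loadClass('org.owasp.dependencycheck.Engine')
        File dir = parameters.reportDir.get().asFile
        dir.mkdirs()
        // Record which jar the class came from, to confirm the isolation.
        new File(dir, 'isolation.txt').text = engine.protectionDomain.codeSource.location.toString()
        // The real scan would be invoked here, inside the worker.
    }
}

abstract class IsolatedScanTask extends DefaultTask {
    @Classpath abstract ConfigurableFileCollection getOdcClasspath()
    @OutputDirectory abstract DirectoryProperty getReportDir()
    @Inject abstract WorkerExecutor getWorkerExecutor()

    @TaskAction
    void scan() {
        // The worker classloader receives only the dedicated configuration.
        WorkQueue queue = workerExecutor.classLoaderIsolation { spec -> spec.classpath.from(odcClasspath) }
        queue.submit(ScanAction) { ScanParameters p -> p.reportDir.set(reportDir) }
    }
}

class IsolatedScanPlugin implements Plugin<Project> {
    void apply(Project project) {
        // Resolved separately from the buildscript classpath (hypothetical name).
        def odc = project.configurations.create('odcWorker')
        odc.canBeConsumed = false
        project.dependencies.add(odc.name, 'org.owasp:dependency-check-core:6.1.2')
        project.tasks.register('isolatedScan', IsolatedScanTask) { IsolatedScanTask t ->
            t.odcClasspath.from(odc)
            t.reportDir.set(project.layout.buildDirectory.dir('reports/odc'))
        }
    }
}
```

With a plugin built this way, ./gradlew buildEnvironment should list only the plugin's own dependencies, and isolation.txt should point at the core jar resolved through the odcWorker configuration.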