snyk / gradle-plugin

Snyk Gradle Plugin - Scanning and monitoring your dependencies for security vulnerabilities from Gradle

The plugin should only download the CLI executable once #7

Closed bmuschko closed 7 months ago

bmuschko commented 3 years ago

Looking at the code in CliDownloader, it seems like the plugin will download the executable every time you run one of its tasks, independent of the fact that it might already exist on the local machine. This is extremely inefficient, leads to longer build times, and can introduce additional build failures.

bmvermeer commented 3 years ago

Not entirely true. If the CLI is installed already and available system-wide, it will not download the CLI.

If there is no CLI available on the system, it will download the latest CLI. Depending on the config, the CLI will be upgraded or not. If there is already a CLI binary available for this project, this binary will be reused unless there is a newer version (depending on the config).

bmuschko commented 3 years ago

Can you point me to this check you mentioned? Maybe I missed that when I parsed through the code.