snyksec
commented
3 years ago :tada: This PR is included in version 3.12.1 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
Closed anthogez closed 3 years ago
snyksec
commented
3 years ago :tada: This PR is included in version 3.12.1 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
Renamed snykConf to projectConfigs, to improve the readability
Created configsSuccessfullyResolved method that confirms if configs sets as canBeResolved=true, can be really resolved or not.
If there is an error now, while resolving configs set as canBeResolved=true, we are no longer blocking the scanning. We ignore those configs whose depGraph cannot be computed and move forward with the scanning process since it's not a snyk issue but a given gradle project resolution config caused by bad config or 3rd party gradle dependencies bad behaving.
By going into
test/fixtures/successful-scan-with-unresolved-custom-configs/build.gradleand runninggradle -q dependenciesyou will see the following message (pic below)This fixture emulates issue gradle/gradle#6854, where gradle cannot resolve incremental analysis configurations.
What does FAILED means? Means any dependency belonging to these configuratios failed to be resolved (compute depGraph)
Continue reading about failed resolution in Gradle Docs.. https://docs.gradle.org/current/userguide/viewing_debugging_dependencies.html#example_rendering_the_dependency_report_for_a_custom_configuration