Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/issue 421 #422

Merged
merged 8 commits into from
Aug 1, 2023
Merged

Fix/issue 421 #422

merged 8 commits into from
Aug 1, 2023

Conversation

ajmalab
Copy link
Contributor

@ajmalab ajmalab commented Jul 26, 2023

Fix for #421. This PR will make cdxgen ignore dependency constraints printed by gradle in the output in case a gradle.lockfile is present.

@ajmalab
decode encoded purl
81e4a92 
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
@ajmalab
revert decoding purl
f64a27a 
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
@ajmalab
fix double encoding of purl
555105d 
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
@ajmalab
address comments
9a50ad5 
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
@ajmalab
revert manual version bump
ec560ff 
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
@ajmalab
Merge branch 'master' of github.com:ajmalab/cdxgen
49f8126
@ajmalab
ignore dependency constraints in gradle output
ccc9859 
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
@ajmalab
remove test sbom
27e366d 
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
@ajmalab
Copy link
Contributor Author

ajmalab commented Jul 26, 2023

@prabhu Could you kindly review and merge please.

@prabhu
Copy link
Contributor

prabhu commented Jul 28, 2023

@ajmalab, Thank you so much for the contribution! Let me read about this strictly keyword on gradle since we are excluding components here, so want to be careful.

@prabhu
Copy link
Contributor

prabhu commented Jul 29, 2023

@cerrussell could you kindly review this PR and test with multiple gradle repos?

@cerrussell
Copy link
Contributor

@prabhu Seems everything is included just rearranged based on my gradle test repos... here's the boms generated for gradle-git-scm-plugin.
cdxgen 9.3.0
pr

@prabhu
Copy link
Contributor

prabhu commented Jul 31, 2023

@cerrussell please feel free to approve and merge once you are happy

@cerrussell cerrussell merged commit 476e506 into CycloneDX:master Aug 1, 2023
3 checks passed
@ajmalab ajmalab mentioned this pull request Aug 1, 2023
Merged
@cerrussell cerrussell linked an issue Aug 1, 2023 that may be closed by this pull request
[Gradle] Inaccurate dependencies section in projects with gradle.lockfile #421
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Gradle] Inaccurate dependencies section in projects with gradle.lockfile
3 participants
@ajmalab @prabhu @cerrussell