My project is completely Gradle (the structure is that my root project has multiple sub projects, and a few sub projects depend on a few other sub projects).
I applied the cyclonedxBom plugin to all the sub projects (included this plugin in the build.gradle of each sub project) as indicated below.
```groovy
plugins {
    id 'org.cyclonedx.bom' version "1.8.2"
}
```
When I execute the command ./gradlew cyclonedxBom, I see that the sbom files are generated (both xml and json) for all the sub projects.
However, I see a few errors on the console like the one below that mention multiple sub projects.
```
Unable to resolve POM for com.myproject.sub-project-1:24.1.0-SNAPSHOT
```
After searching for a few hints on the web, I came across this git issue https://github.com/CycloneDX/cyclonedx- ... issues/321 which sounds similar to mine. I tried to use the plugin version 1.8.2 as mentioned in the git issue (I was using 1.8.1 earlier), but I still see these errors.
- I am curious to know why and how the gradle plugin is looking for a pom file for a completely gradle project.
- Is there any impact to the sbom generation (whether all the dependencies are included properly in the output file or not)?
Any pointers here are appreciated.
Source: https://stackoverflow.com/questions/781 ... esolve-pom