Java & Kotlin - Gradle, Maven and Bazel

  • 12 January 2023
  • 0 replies
  • 229 views

Debricked currently supports tracking Java/Kotlin dependencies via:

  • Gradle, using build.gradle and build.gradle.kts files

  • Maven, using pom.xml files

  • Bazel, using WORKSPACE files

Gradle

For the fastest and most accurate results, a file containing the resolved dependency tree, .debricked-gradle-dependencies.txt, has to be created prior to scanning.

This can be done by running Gradle dependencies command and storing the output in .debricked-gradle-dependencies.txt.

gradle dependencies > .debricked-gradle-dependencies.txt

Every .debricked-gradle-dependencies.txt file must be put in the same directory as the corresponding build.gradle (recommended) or build.gradle.kts.

Check out our Gradle CI templates to learn how to set it up.

Maven

For the fastest and most accurate results, a file containing the resolved dependency tree, .debricked-maven-dependencies.tgf, has to be created prior to scanning.

This can be done by running Maven dependency:tree plugin and storing the output in a .debricked-maven-dependencies.tgf file.

mvn dependency:tree -DoutputFile=.debricked-maven-dependencies.tgf -DoutputType=tgf

Every .debricked-maven-dependencies.tgf must be put in the same directory as the corresponding pom.xml.

Check out our Maven CI templates to learn how to set it up.

Bazel

We also support Java projects using Bazel, where we scan the WORKSPACE file format in addition to any Java file formats being used.
 

Supported file formats and features:

Language

Package Manager

Supported File Formats

Root dependencies 

Indirect dependencies

Dependency trees

Security Scanning

License Scanning

Root Fix

Java

Bazel

WORKSPACE

 

Gradle

build.gradle

build.gradle.kts

Maven

pom.xml

 

Have a look at the overview of all supported languages.


0 replies

Be the first to reply!

Reply