Gradle dependencyCheck: Only check dependencies that are used in the app (skip test "scope")?
46 views
Skip to first unread message
Bram
Sep 30, 2015, 2:37:43 AM9/30/15
to Dependency Check
Hello,
We currently use the Gradle dependencyCheck plug-in for an Android project. The problem is that the checker flags libraries with CVE's that are only used by unit test plug-ins, they don't end up in the actual application.
We currently use the Gradle dependencyCheck plug-in for an Android project. The problem is that the checker flags libraries with CVE's that are only used by unit test plug-ins, they don't end up in the actual application.
Is there a way to configure the plug-in to only check decencies actually used by the application itself and skip all testCompile libraries?
Jeremy Long
Sep 30, 2015, 6:16:21 AM9/30/15
to Bram, Dependency Check
Unfortunately, the gradle plugin is still a bit behind the Maven plugin. It should be easy to add this functionality; consider opening an issue on the github repo: https://github.com/jeremylong/DependencyCheck/issues
--jeremy--
You received this message because you are subscribed to the Google Groups "Dependency Check" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dependency-che...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Bram Klein Gunnewiek
Sep 30, 2015, 6:19:50 AM9/30/15
to Jeremy Long, Dependency Check
Thanks for the quick reply. I opened a Github issue!
Reply all
Reply to author
Forward
0 new messages