Gradle Version | Latest successfully tested Release |
---|---|
4.8 to 4.10.2 | 1.3.0 |
5.0 to 6.8.2 | 2.2.0 |
Include this plugin in your root project. Visit this plugin's page on plugins.gradle.org for more information.
```groovy
plugins {
    id "de.acetous.dependency-compliance" version "2.1.0"
}
```
The plugin will always check all subprojects in your build.
> gradlew dependencyComplianceList
You can generate a JSON report of included libraries and repositories. The task will create or update the file `dependency-compliance-report.json`.
> gradlew dependencyComplianceExport
You can check the current dependencies and repositories against a previous exported report.
> gradlew dependencyComplianceCheck
This will check for additional dependencies and repositories and fail the build. Commit the `dependency-compliance-report.json` to your repository and run this task in your CI environment. If any developer introduces a new dependency or repository, they will need to update the report file or your CI build will fail. You can always check which dependencies were introduced by checking the history of that file.
You may want to ignore some dependencies, for example your own libraries. Add ignored libraries with the `ignore` option to your configuration. You can ignore specific versions (e.g. `junit:junit:4.12`), an artifact of any version (e.g. `junit:junit:*`) or whole groups (e.g. `junit:*:*`).
Task | Description |
---|---|
dependencyComplianceList | Print the report to the build's log. |
dependencyComplianceExport | Export the report. |
dependencyComplianceCheck | Check the project's current state against a given report. |
Example:
```groovy
dependencyCompliance {
    outputFile = file('my-custom-report-file.json')
    ignore = [
        'org.assertj:*:*',
        'com.google.code.gson:gson:*',
        'junit:junit:4.12',
    ]
}
```
Parameter | Default | Description |
---|---|---|
outputFile | dependency-compliance-report.json | Filename / location of the export file. Used by the export and check tasks. |
ignore | [] | Ignored dependencies as a list. Entries should be strings in the format `group:artifact:version`. The artifact and version can be a wildcard (`*`). |
ignoreMavenLocal | false | Ignore the local Maven repository. This is useful if you use this repo and run the check task in your CI environment. |
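
The ignore patterns and the fail-on-addition check described above, modelled as an added Python example; this is not the plugin's own code. It assumes plain three-part `group:artifact:version` strings rather than the plugin's JSON report format, and the function names and sample data are constructed for illustration.

```python
# Added illustration: models the documented behaviour, not the plugin's source.

def is_ignored(coord, patterns):
    """True if group:artifact:version matches an ignore entry.
    Per the parameter table, only artifact and version may be '*'."""
    group, artifact, version = coord.split(":")
    for pattern in patterns:
        p_group, p_artifact, p_version = pattern.split(":")
        if (p_group == group
                and p_artifact in ("*", artifact)
                and p_version in ("*", version)):
            return True
    return False


def check(report, current, ignore=()):
    """Return one finding per dependency present now but absent from the report.
    Assumption: removed dependencies are not findings, since the README only
    mentions additional dependencies failing the build."""
    known = set(report)
    findings = []
    for coord in sorted(set(current) - known):
        if is_ignored(coord, ignore):
            continue
        group, artifact, _ = coord.split(":")
        prefix = f"{group}:{artifact}:"
        existing = sorted(c[len(prefix):] for c in known if c.startswith(prefix))
        hint = f" - existing versions: {', '.join(existing)}" if existing else ""
        findings.append(coord + hint)
    return findings


# Constructed sample data (not taken from a real build).
REPORT = ["commons-io:commons-io:2.3", "org.slf4j:slf4j-api:1.7.30"]
CURRENT = [
    "commons-io:commons-io:2.4",        # version not in report: finding with hint
    "org.slf4j:slf4j-api:1.7.30",       # unchanged
    "org.assertj:assertj-core:3.19.0",  # new, but covered by the ignore list
    "com.example:unreviewed-lib:1.0",   # new and not ignored: finding
    "junit:junit:4.13",                 # only 4.12 is ignored: finding
]
IGNORE = ["org.assertj:*:*", "com.google.code.gson:gson:*", "junit:junit:4.12"]

if __name__ == "__main__":
    for line in check(REPORT, CURRENT, IGNORE):
        print("not in report:", line)
```

A version-pinned ignore entry such as `junit:junit:4.12` stops matching as soon as the version changes, so an upgrade shows up in the check again until the report or the ignore list is updated.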
Feel free to open issues for new ideas and submit pull requests when adding features.
This repository contains the plugin and a sandbox project for manual tests when editing the plugin.
This is the actual plugin. Run some integration tests via:
> cd gradle-require-dependency-compliance-plugin
> gradlew check
This is a demo project which uses the plugin. The plugin is included in this build in order to test changes without the need to deploy the plugin first. Run your manual tests here. You can change the sandbox project to demonstrate new features.
> cd plugin-sandbox
> gradlew dependencyComplianceList
- update publishing to Gradle Plugin Portal
- tested with Gradle 6.8.2
- dependency updates for plugin publishing
- tested with Gradle 6.0.1
- compatible with Gradle 5.0 up to 5.6.4
- add info about existing versions to task `dependencyComplianceCheck`:
  `commons-io:commons-io:2.4 - existing versions: 2.3`
- dependencies are now sorted for better readability
- add `ignoreMavenLocal` option
- add `ignore` option
- Initial Release