[FR]: Gradle Repository Potential Security and Reproducibility Risk #1558

SeanZoR · 2024-07-25T15:22:27Z

Is there an existing issue for this?

I have searched the existing issues

Describe the problem

The current root settings.gradle.kts setup poses a potential security and reproducibility risk due to the unrestricted access to repositories. The order of repository declarations matters as Gradle resolves dependencies in the order listed, leading to unintended artifacts being included if not properly managed.

Example Case:
The com.jraska.module.graph.assertion artifact is found in gradlePluginPortal() but not in mavenCentral(). Without proper filtering, new artifacts in mavenCentral() could unintentionally break or alter the build.

Current Configuration:

pluginManagement {
    repositories {
        google()
        mavenCentral()
        gradlePluginPortal()
    }
}

Describe the solution

implement content filtering to restrict the scope of artifacts from each repository.

Additional context

No response

Code of Conduct

I agree to follow this project's Code of Conduct

The text was updated successfully, but these errors were encountered:

SeanZoR added the enhancement New feature or request label Jul 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FR]: Gradle Repository Potential Security and Reproducibility Risk #1558

[FR]: Gradle Repository Potential Security and Reproducibility Risk #1558

SeanZoR commented Jul 25, 2024 •

edited

Loading

[FR]: Gradle Repository Potential Security and Reproducibility Risk #1558

[FR]: Gradle Repository Potential Security and Reproducibility Risk #1558

Comments

SeanZoR commented Jul 25, 2024 • edited Loading

Is there an existing issue for this?

Describe the problem

Describe the solution

Additional context

Code of Conduct

SeanZoR commented Jul 25, 2024 •

edited

Loading