Gradle setup instructions (for Java, Kotlin, and Scala)
gradle.lockfile
Committing a gradle.lockfile to your source control is the easiest way to use Socket with Gradle. If you haven't already, enable lockfiles in Gradle via:
dependencyLocking.lockAllConfigurations()
Then run:
./gradlew dependencies --write-locks
and commit the generated gradle.lockfile to source control. No extra setup is required!
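Because the committed lockfile pins every resolved version, any change to it is worth reading in review. The script below is an added example, not part of Socket's tooling or documentation: it lists the pins added or removed between two copies of gradle.lockfile, using constructed sample files and a made-up module name (com.example:left-padder).

```shell
#!/bin/sh
# Lockfile lines look like "group:artifact:version=configuration,configuration".

# Print "group:artifact version" for every pinned module in a lockfile.
lock_entries() {
    # Drop comments, blank lines and the "empty=..." line Gradle writes for
    # configurations that resolve to no dependencies.
    grep -v -e '^#' -e '^[[:space:]]*$' -e '^empty=' "$1" |
        sed -e 's/=.*$//' -e 's/^\(.*\):\([^:]*\)$/\1 \2/' |
        LC_ALL=C sort -u
}

# Print "- module version" for pins only in $1 and "+ module version" for pins
# only in $2. A version bump shows up as a "-" line followed by a "+" line.
lock_diff() {
    {
        lock_entries "$1" | sed 's/^/old /'
        lock_entries "$2" | sed 's/^/new /'
    } | awk '
        $1 == "old" { was[$2 " " $3] = 1; next }
                    { now[$2 " " $3] = 1 }
        END {
            for (e in was) if (!(e in now)) print e " -"
            for (e in now) if (!(e in was)) print e " +"
        }
    ' | LC_ALL=C sort | awk '{ print $3, $1, $2 }'
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample lockfiles (not taken from a real project).
    cat > "$dir/old.lockfile" <<'EOF'
# This is a Gradle generated file for dependency locking.
com.google.guava:guava:31.1-jre=compileClasspath,runtimeClasspath
org.slf4j:slf4j-api:2.0.9=compileClasspath,runtimeClasspath
empty=annotationProcessor
EOF
    cat > "$dir/new.lockfile" <<'EOF'
# This is a Gradle generated file for dependency locking.
com.example:left-padder:1.0.0=runtimeClasspath
com.google.guava:guava:32.1.3-jre=compileClasspath,runtimeClasspath
org.slf4j:slf4j-api:2.0.9=compileClasspath,runtimeClasspath
EOF
    lock_diff "$dir/old.lockfile" "$dir/new.lockfile"
    rm -rf "$dir"
}
demo
```

In a repository, the two inputs would be the lockfile from the base branch (for example saved with git show) and the working copy.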
CycloneDX
If you are unable to enable gradle.lockfiles, then you can use the open source CycloneDX Gradle plugin to generate and commit an SBOM which Socket will scan.
You can run socket cdxgen --help for details.
To set up a single CycloneDX file that can be checked in, you can run:
socket cdxgen -t gradle -o socket-gradle.cdx.json --install-deps --lifecycle build
Alternatively, the CLI has made it easier to generate manifest files using your local Gradle setup.
You can use socket manifest gradle --help to get more information on how to run Gradle more directly. This will work for Gradle, Kotlin, and Scala projects that use Gradle (not sbt, see Scala setup instructions for working with Scala's sbt files).
After generating the manifest files you can use socket scan create to create a report.