Gradle setup instructions (for Java, Kotlin, and Scala)

Our preferred way to handle Gradle projects is CycloneDX.

Use the open source CycloneDX Gradle plugin to generate and commit an SBOM which Socket will scan.

You can run socket cdxgen --help for details.
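
An added example, not part of Socket's documentation or CLI: a sanity check to run on the generated CycloneDX JSON file before committing it. The sample SBOM is constructed, and treating a missing Maven purl or a purl/version mismatch as a problem is an assumption of this example, not a documented Socket requirement.

```python
import json

# Constructed sample: a minimal CycloneDX JSON document of the kind a Gradle
# build produces. Field names follow the CycloneDX JSON schema.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "group": "com.example", "name": "core",
         "version": "1.2.0", "purl": "pkg:maven/com.example/core@1.2.0"},
        {"type": "library", "group": "com.example", "name": "util",
         "version": "2.0.1", "purl": "pkg:maven/com.example/util@2.0.0"},
        {"type": "library", "group": "com.example", "name": "local-module",
         "version": "unspecified"},
    ],
})


def check_sbom(text):
    """Return a list of human-readable problems found in a CycloneDX JSON SBOM."""
    try:
        bom = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(bom, dict):
        return ["top level is not a JSON object"]
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")
    components = bom.get("components") or []
    if not components:
        problems.append("no components listed")
    for comp in components:
        label = f"{comp.get('group', '')}:{comp.get('name', '?')}"
        purl, version = comp.get("purl"), comp.get("version")
        if not purl:
            problems.append(f"{label}: no purl")
            continue
        if not purl.startswith("pkg:maven/"):
            problems.append(f"{label}: purl is not a Maven purl")
        # Drop qualifiers (?type=jar) and subpath (#...) before reading the version.
        purl_version = purl.split("#")[0].split("?")[0].rpartition("@")[2]
        if version and purl_version != version:
            problems.append(f"{label}: version {version} != purl version {purl_version}")
    return problems


if __name__ == "__main__":
    print("\n".join(check_sbom(SAMPLE_SBOM)))
```
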

Alternatively, the CLI makes it easier to generate manifest files using your local Gradle setup.

Run socket manifest gradle --help for more information on how to run Gradle more directly. This works for Gradle, Kotlin, and Scala projects that use Gradle (not sbt; see the Scala setup instructions for working with Scala's sbt files).

After generating the manifest files, you can use socket scan create to create a report.