我试图为Flutter项目的Android部分创建一个BOM文件,用于安全扫描。
我添加了org.cyclonedx.bom
(gradle插件)到gradle,我正在运行cyclonedxBom
gradle任务,但我得到一个错误:
> Could not resolve all dependencies for configuration ':app:apiDependenciesMetadata'.
> Could not resolve project :flutter_udid.
Required by:
project :app
> The consumer was configured to find a usage of 'kotlin-metadata'Execution failed for task ':app:cyclonedxBom'. of a library, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'common'. However we cannot choose between the following variants of project :flutter_udid:
- debugApiElements
- profileApiElements
- releaseApiElements
All of them match the consumer attributes:
- Variant 'debugApiElements' capability de.gigadroid.flutterudid:flutter_udid:1.0-SNAPSHOT declares an API of a library, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug' but the consumer didn't ask for it
- Provides attribute 'com.android.build.api.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides attribute 'org.gradle.jvm.environment' with value 'android' but the consumer didn't ask for it
- Variant 'profileApiElements' capability de.gigadroid.flutterudid:flutter_udid:1.0-SNAPSHOT declares an API of a library, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'profile' but the consumer didn't ask for it
- Provides attribute 'com.android.build.api.attributes.VariantAttr' with value 'profile' but the consumer didn't ask for it
- Provides attribute 'org.gradle.jvm.environment' with value 'android' but the consumer didn't ask for it
- Variant 'releaseApiElements' capability de.gigadroid.flutterudid:flutter_udid:1.0-SNAPSHOT declares an API of a library, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'release' but the consumer didn't ask for it
- Provides attribute 'com.android.build.api.attributes.VariantAttr' with value 'release' but the consumer didn't ask for it
- Provides attribute 'org.gradle.jvm.environment' with value 'android' but the consumer didn't ask for it
gradle中的依赖项看起来像
dependencies {
classpath 'com.android.tools.build:gradle:4.2.0'
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
// Firebase
classpath 'com.google.gms:google-services:4.3.15'
classpath 'org.cyclonedx.bom:org.cyclonedx.bom.gradle.plugin:1.7.4'
}
apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
// Firebase
apply plugin: 'com.google.gms.google-services'
// BOM generation https://github.com/CycloneDX/cyclonedx-gradle-plugin
apply plugin: 'org.cyclonedx.bom'
apply from: "$flutterRoot/packages/flutter_tools/gradle/flutter.gradle"
如何配置项目以生成发布版本的BOM?
2条答案
按热度按时间pprl5pva1#
错误消息表明消费者(您的项目)无法解析:app:apiDependenciesMetadata配置的依赖项,特别是:flutter_udid模块。似乎org.cyclonedx.bom插件在确定要使用的flutter_udid模块的适当变体时遇到了困难。
要配置项目以生成发布版本的BOM表(BOM),可以在Gradle配置中指定所需的变体。将以下代码添加到应用的build.gradle文件中:
这个配置创建了一个名为releaseBomMetadata的新配置,它扩展了现有的apiElements配置。它对变体属性设置约束,以匹配flutter_udid模块的发布变体。
添加此配置后,您可以再次运行cyclonedxBom Gradle任务,它应该会生成发布版本的BOM。
注意:如果您希望使用不同的配置名称,请确保使用您选择的名称替换releaseBomMetadata。
33qvvth12#
如果您喜欢不同的名称,请将'releaseBomMetadata'替换为所需的配置名称。
在进行这些更改之后,尝试再次运行cyclonedxBom Gradle任务,它应该会生成发布版本的BOM,而不会出现之前的错误。