Disable dependency verification during each task when resolving as pa…

…rt of SBOM generation. Signed-off-by: Kenneth J. Shackleton <[email protected]>
CycloneDX · Oct 21, 2024 · b21a4dd · b21a4dd
1 parent 7339718
commit b21a4dd
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/src/main/java/org/cyclonedx/gradle/CycloneDxTask.java b/src/main/java/org/cyclonedx/gradle/CycloneDxTask.java
@@ -547,6 +547,7 @@ private Map<String, org.cyclonedx.model.Dependency> buildDependencyGraph(
         }
         final Dependency pomDep = getProject().getDependencies().create(dependencyName + "@pom");
         final Configuration pomCfg = getProject().getConfigurations().detachedConfiguration(pomDep);
+        pomCfg.getResolutionStrategy().disableDependencyVerification();
 
         try {
             @Nullable final File pomFile = pomCfg.resolve().stream().findFirst().orElse(null);

diff --git a/src/main/java/org/cyclonedx/gradle/GradleAssistedMavenModelResolverImpl.java b/src/main/java/org/cyclonedx/gradle/GradleAssistedMavenModelResolverImpl.java
@@ -45,6 +45,7 @@ public ModelSource2 resolveModel(String groupId, String artifactId, String versi
         org.gradle.api.artifacts.Dependency dependency =
                 project.getDependencies().create(depNotation);
         Configuration config = project.getConfigurations().detachedConfiguration(dependency);
+        config.getResolutionStrategy().disableDependencyVerification();
 
         File pomXml = config.getSingleFile();
         return new ModelSource2() {