Gradle wrapper jar not recognized by Gradle Wrapper Validation Action #458
Comments
helloncode
changed the title
|
Hey @helloncode thanks for this. We put up a PR to update the wrapper jar and add the validation action to our CI. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Braintree SDK Version
6.14.0
Environment
Production
Android Version & Device
No response
Braintree dependencies
None
Describe the bug
Security Vulnerability Report: gradle-wrapper.jar SHA256 Mismatch
Description:
We are currently maintaining a fork of this repository. Upon integrating a gradle wrapper validation action into our Continuous Integration (CI) process, we discovered an inconsistency with the
gradle-wrapper.jarfile present in this project. The SHA256 checksum of thegradle-wrapper.jarfile does not match the official checksum provided on the Gradle website. This discrepancy raises concerns regarding the integrity and security of the Gradle wrapper used in this project, potentially exposing it to security risks.To reproduce
Add
uses: gradle/wrapper-validation-action@v2to your gha workflow in order to check gradle wrapperExpected behavior
uses: gradle/wrapper-validation-action@v2shouldn't failsScreenshots
No response
The text was updated successfully, but these errors were encountered: