Skip to main content
Skip table of contents

Configuring the Unified Agent for Gradle

The following article will include best practices and configuration recommendations for using the Unified Agent to scan Gradle projects.

Best Practices

Before scanning a Gradle project, ensure the following for the most accurate results:

  1. You have Gradle installed on the machine on which you are running the Mend scan.

  2. The project can be built successfully on the machine where you are running the scan.

  3. Your project has a build.gradle file available for scanning.

  4. Your project has a gradle wrapper if applicable. 

Configuring UA Parameters

The following parameters should always be set to the following for the most accurate results:

gradle.resolveDependencies=true

Multi Module Parameters

gradle.aggregateModules - Set this to 'true' if you wish to aggregate all of your modules into one project.

gradle.innerModulesAsDependencies - Set this to false, if you want to ignore and exclude all the modules dependencies from the resolution scan.

gradle.includeModules - Set this to the exact modules you want to include.

gradle.excludeModules - Set this to the exact modules you want to exclude.

Additional Parameters

gradle.ignoreSourceFiles - Set to 'true' if you wish to ignore source files with extensions such as:".java", ".class".

gradle.preferredEnvironment - the default of this parameter is wrapper, which is set to improve the scan results and align to Gradle best practices

gradle.additionalArguments - Set to the parameters starting with '-' or '--' that you would like to be added to the end of the Gradle commands during the scan. For example, --refresh-dependencies

gradle.includedConfigurations - Set this to the dependency configurations you wish to include in the scan.

gradle.ignoredConfigurations - Set this to the dependency configurations you wish to ignore in the scan.

Frequently Asked Questions

When the Unified Agent scan runs why does it copy libraries to temp folders and the Gradle cache?

The Unified Agent completes the following in order to download the project's dependencies and scan the results:

For each build.gradle file that the Unified Agent finds:

  1. Unified Agent will copy the Gradle project to a temporary system folder

  2. Inside of each copied project's build.gradle file, the Unified Agent will add a task (named 'copyDependencies') in order to download the missing dependencies

  3. Unified Agent will run 'gradle copyDependencies' - this step will add the missing dependencies to the user's global cache

My project is taking too long to scan, is there a way to improve scan performance?

When the Unified Agent scan is running longer than expected, typically the Gradle pre-step and downloading of dependencies take up a significant portion of the scan time. To reduce scan time, we recommend that you ensure that all dependencies are available in the global cache prior to scanning. This will prevent the scan from needing to download missing dependencies.

My .jar files in the /target directory are not being scanned. Why not?

Beginning in Unified Agent v23.9.1, the /target folder is excluded from any Java scans. This change affects scans in Mend’s repository integrations as well. If you need to scan these files, please move them to a different directory.

Additional Resources

You can find more information about scanning Gradle projects in the following document:

Unified Agent - documentation on how to use the Unified Agent

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close