Allow to exclude internal repositories #11365
Unanswered
mkutz
asked this question in
Code Security
Replies: 1 comment 4 replies
-
I think it should work to configure the private dependencies as ignored, using the In some ecosystems this still causes issues when resolving the dependency tree, but for Gradle I don't believe this is the case. Lmk if that works or if you run into issues! |
Beta Was this translation helpful? Give feedback.
4 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
we are facing the following challenge:
For Maven we found the solution to put a prepared settings.xml into the self-hosted runner, so we don't need to configure it in the projects' pom.xml. However, we find that solution not ideal and we don't have such a solution for Gradle.
The way we see it, the easiest way would be to put a list of blocked repositories into .github/dependabot.yml, which would then not be scanned even when the are configured in pom.xml or build.gradle files.
Beta Was this translation helpful? Give feedback.
All reactions