naXa stands with Ukraine
naXa stands with Ukraine

Reputation: 37974

Is Gradle build scan secure?

I think Gradle Build Scan is a nice feature. It would be super effective to cooperate with team on debugging a Gradle configuration by looking at a project build scan. But I'm not sure if I may publish scans of a private project.

Does Gradle collect any secrets when publishing a build scan? Anything specific to worry about?

Upvotes: 15

Views: 5940

Answers (1)

Cisco
Cisco

Reputation: 23042

But I'm not sure if I may publish scans of a private project.

If it's a private project, like proprietary, then I'd suggest Gradle Enterprise for extra privacy assurance. Otherwise, you will need to remember to delete the public build scan when finished.

Does Gradle collect any secrets when publishing a build scan?

A build scan collects the following information of your Gradle project:

https://docs.gradle.com/enterprise/gradle-plugin/#captured_information

You will need to do your own due diligence to make sure no secrets that you have in your project fall into any of the captured information.

Upvotes: 11

Related Questions