Task 'snykResolvedDepsJson' not found

[GuiSim]

• node -v:
  v11.10.0

• npm -v:
  6.7.0

• snyk -v:
  1.143.0

• Command run:

Expected behaviour

(Running on my own project, with snyk v1.130.0)

Tested 212 dependencies for known issues, found 1 issue, 1 vulnerable path.

Actual behaviour

FAILURE: Build failed with an exception.

* What went wrong:
Task 'snykResolvedDepsJson' not found in project ':myproject'.

* Try:
Run gradlew tasks to get a list of available tasks. Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 5s

Steps to reproduce

Upgrade to the latest Snyk version and run snyk test

---

I suspect this was introduced with https://github.com/snyk/snyk/releases/tag/v1.142.0 , specifically this commit 04cf66d

[kyegupov]

@GuiSim hi, sorry to hear that. Is the project public? Can we see the *.gradle files? If the project is private, you can mail them to support@snyk.io

[GuiSim]

Sadly the project is not public and I'd like to avoid sending it to your team.
Let me see if I can reproduce on a smaller project.

[kyegupov]

@GuiSim meanwhile, can you tell us your Gradle version, OS and whether you are using Gradle Wrapper?

[lbourdages]

We get the same issue using the docker snyk/snyk-cli:gradle-4.4. Our gradle wrapper has version 5.1.1.

[lili2311]

Completely understand about project being private, is there anything you can craft stripped down that can show the error happening? Having trouble replicating this at the moment.

Could you please confirm if this executes successfully:

./gradlew snykResolvedDepsJson -q --build-file build.gradle -I /path/to/snyk-gradle-plugin/lib/init.gradle executed in the root of your project where gradlew is

Here is the init.gradle: https://github.com/snyk/snyk-gradle-plugin/blob/master/lib/init.gradle

[GuiSim]

I'm not using the wrapper

------------------------------------------------------------
Gradle 5.1.1
------------------------------------------------------------

Build time:   2019-01-10 23:05:02 UTC
Revision:     3c9abb645fb83932c44e8610642393ad62116807

Kotlin DSL:   1.1.1
Kotlin:       1.3.11
Groovy:       2.5.4
Ant:          Apache Ant(TM) version 1.9.13 compiled on July 10 2018
JVM:          11.0.2 (Oracle Corporation 11.0.2+9)
OS:           Mac OS X 10.14.3 x86_64

[GuiSim]

I was able to reproduce this with a stripped down project. I sent it to support@snyk.io.

[lili2311]

Received thanks!

[lili2311]

So after getting my environment to java 11 and gradle 5, I am still not able to re-produce this issue with the example project sent:

Testing /Users/lili/www/gradle-5...

Organisation:      lili2311
Package manager:   gradle
Target file:       build.gradle
Open source:       no
Project path:      /Users/lili/www/gradle-5
Licenses:          enabled

✓ Tested 0 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.```

0 Dependencies in the root project but with `snyk test --gradle-sub-project=foo' I get many vulns back

lili@ ~/www/gradle-5 () $ ./gradlew -v

------------------------------------------------------------
Gradle 5.0
------------------------------------------------------------

Build time:   2018-11-26 11:48:43 UTC
Revision:     7fc6e5abf2fc5fe0824aec8a0f5462664dbcd987

Kotlin DSL:   1.0.4
Kotlin:       1.3.10
Groovy:       2.5.4
Ant:          Apache Ant(TM) version 1.9.13 compiled on July 10 2018
JVM:          11.0.2 (Oracle Corporation 11.0.2+9)
OS:           Mac OS X 10.13.2 x86_64

Questions:

1. Please share the full command you execute snyk with?
2. Please verify this executes succesfully:

• no wrapper
  gradle snykResolvedDepsJson -q --build-file build.gradle -I /path/to/snyk-gradle-plugin/lib/init.gradle
•  with wrapper:
  ./gradlew snykResolvedDepsJson -q --build-file build.gradle -I /path/to/snyk-gradle-plugin/lib/init.gradle

Here is the init.gradle: https://github.com/snyk/snyk-gradle-plugin/blob/master/lib/init.gradle

3. If none of these work out, perhaps we can jump on a quick zoom/video call to see this run in your environment and do a little debug session?

[GuiSim]

Replied via email.

[GuiSim]

Aww that's too bad that you can't reproduce, there must be something wrong on my side.. I simply run snyk test --org=pleo --file=pleo-callisto-app/build.gradle Testing /Users/guisim/dev/pleo/snyk_test... Subrocess exit code: 1, stdout: , stderr: FAILURE: Build failed with an exception. * What went wrong: Task 'snykResolvedDepsJson' not found in project ':pleo-callisto-app'. * Try: Run gradle tasks to get a list of available tasks. Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights. * Get more help at https://help.gradle.org BUILD FAILED in 5s Please make sure that `gradle snykResolvedDepsJson -q --build-file pleo-callisto-app/build.gradle --no-daemon -I /usr/local/lib/node_modules/snyk/node_modules/snyk-gradle-plugin/lib/init.gradle` executes successfully on this project. If the problem persists, collect the output of `gradle snykResolvedDepsJson -q --build-file pleo-callisto-app/build.gradle --no-daemon -I /usr/local/lib/node_modules/snyk/node_modules/snyk-gradle-plugin/lib/init.gradle` and contact support@snyk.io And then I ran gradle snykResolvedDepsJson -q --build-file pleo-callisto-app/build.gradle --no-daemon -I /usr/local/lib/node_modules/snyk/node_modules/snyk-gradle-plugin/lib/init.gradle FAILURE: Build failed with an exception. * What went wrong: Task 'snykResolvedDepsJson' not found in project ':pleo-callisto-app'. * Try: Run gradle tasks to get a list of available tasks. Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights. * Get more help at https://help.gradle.org BUILD FAILED in 5s

…

On Fri, Mar 22, 2019 at 12:01 PM Lili Kastilio ***@***.***> wrote: So after getting my environment to java 11 and gradle 5, I am still not able to re-produce this issue with the example project sent: Testing /Users/lili/www/gradle-5... Organisation: lili2311 Package manager: gradle Target file: build.gradle Open source: no Project path: /Users/lili/www/gradle-5 Licenses: enabled ✓ Tested 0 dependencies for known issues, no vulnerable paths found. Next steps: - Run `snyk monitor` to be notified about new related vulnerabilities. - Run `snyk test` as part of your CI/test.``` 0 Dependencies in the root project but with `snyk test --gradle-sub-project=foo' I get many vulns back lili@ ~/www/gradle-5 () $ ./gradlew -v ------------------------------------------------------------ Gradle 5.0 ------------------------------------------------------------ Build time: 2018-11-26 11:48:43 UTC Revision: 7fc6e5abf2fc5fe0824aec8a0f5462664dbcd987 Kotlin DSL: 1.0.4 Kotlin: 1.3.10 Groovy: 2.5.4 Ant: Apache Ant(TM) version 1.9.13 compiled on July 10 2018 JVM: 11.0.2 (Oracle Corporation 11.0.2+9) OS: Mac OS X 10.13.2 x86_64 Questions: 1. Please share the full command you execute snyk with? 2. Please verify this executes succesfully: - no wrapper gradle snykResolvedDepsJson -q --build-file build.gradle -I /Users/lili/www/snyk-gradle-plugin/lib/init.gradle - with wrapper: ./gradlew snykResolvedDepsJson -q --build-file build.gradle -I /path/to/snyk-gradle-plugin/lib/init.gradle 1. If none of these work out, perhaps we can jump on a quick zoom/video call to see this run in your environment and do a little debug session? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#33 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AB6GBjGoMHL1DRsgac8UKUnRDnxdbNxPks5vZLfsgaJpZM4cBPvN> .

-- Guillaume S.

[lili2311]

Aha thanks! Now I can replicate, investigating how to fix

[lili2311]

Could you please try snyk test --org=pleo --gradle-sub-project=pleo-callisto-app in the mean time, this should work for you if the thing you are testing via --file is a sub-project, we are working on a fix in the mean time.

[GuiSim]

The workaround works. Would you recommend using `--gradle-sub-project` instead of `--file` normally? If there was no bugs, would it be the recommended method?

…

On Fri, Mar 22, 2019 at 3:48 PM Lili Kastilio ***@***.***> wrote: Could you please try snyk test --org=pleo --gradle-sub-project=pleo-callisto-app in the mean time, this should work for you if the thing you are testing via --file is a sub-project, we are working on a fix in the mean time. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#33 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AB6GBue-Lz5c1JXvVX2a3j_OCwbGM9bVks5vZO1YgaJpZM4cBPvN> .

-- Guillaume S.

[lili2311]

We created --gradle-sub-projects for better handling of gradle specific modules so I would recommend this being used when possible.

[lili2311]

The fix is released, please get the latest version of the CLI and try again?

[GuiSim]

The latest version works! Thanks!

[GuiSim]

We've started seeing a very similar problem in another project (using Snyk 1.143.1)

@lili2311

BUILD FAILED in 5s


Please make sure that `gradle snykResolvedDepsJson -q --build-file build.gradle --no-daemon -I /usr/local/lib/node_modules/snyk/node_modules/snyk-gradle-plugin/lib/init.gradle` executes successfully on this project.

If the problem persists, collect the output of `gradle snykResolvedDepsJson -q --build-file build.gradle --no-daemon -I /usr/local/lib/node_modules/snyk/node_modules/snyk-gradle-plugin/lib/init.gradle` and contact support@snyk.io

* What went wrong:
Execution failed for task ':pleo-commons-all:snykResolvedDepsJson'.
> Could not resolve all dependencies for configuration ':pleo-commons-all:snykMergedDepsConf'.

[GuiSim]

I can't easily provide a sample project right now.
I'm currently unsure how this project is unique from the other project I provided you with (and that now passes since you pushed a fix)

[GuiSim]

Looks like it's similar but not exactly the same.
Let me know if I should open another issue.

Looks like snykMergedDepsConf is to blame this time.

[lili2311]

Strange, okay will take a look into this. Re-opened the issue

[kyegupov]

@GuiSim usually, Could not resolve all dependencies for configuration error is followed by an explanation why exactly the dependencies could not be resolved. Often it's a package repository being not accessible.

Is there any additional error message below that line when you are running Snyk CLI?

[GuiSim]

pleo-commons is a multi-module project that includes multiple small utility libraries with dedicated features. They don't really depend on each other, technically they could all be in their own repos but we opted for a simpler approach of having them all in a single repo.

In order to keep things simple on the build/deployment side of things, we added pleo-commons-all, a project that simply depends on all other projects. snyk test on this project should test all of the projects inside the repository.

> Could not resolve all dependencies for configuration ':pleo-commons-all:snykMergedDepsConf'.
   > Could not find :pleo-commons-app:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-aws:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-config:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-data:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-geo:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-functest:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-kafka:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-kotlin:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-logging:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-manual:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-manual-kafka:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-manual-sns:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-money:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-rest:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-rocks:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-security:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-serialization:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-testapp:.
     Required by:
         project :pleo-commons-all
   > Could not find :pleo-commons-utils:.
     Required by:
         project :pleo-commons-all

The build.gradle for pleo-commons-all:

dependencies {
    compile ':pleo-commons-app'
    compile ':pleo-commons-aws'
    compile ':pleo-commons-config'
    compile ':pleo-commons-data'
    compile ':pleo-commons-geo'
    compile ':pleo-commons-functest'
    compile ':pleo-commons-kafka'
    compile ':pleo-commons-kotlin'
    compile ':pleo-commons-logging'
    compile ':pleo-commons-manual'
    compile ':pleo-commons-manual-kafka'
    compile ':pleo-commons-manual-sns'
    compile ':pleo-commons-money'
    compile ':pleo-commons-rest'
    compile ':pleo-commons-rocks'
    compile ':pleo-commons-security'
    compile ':pleo-commons-serialization'
    compile ':pleo-commons-testapp'
    compile ':pleo-commons-utils'
}

[kyegupov]

@GuiSim hmm, does pleo-commons-all project, defined like this, work for you? Because for me, when I have replicated that setup and tried to do

gradle dependencies:pleo-commons-all

I get the same errors you were getting from the snyk tool.

I believe the proper way to setup such projects is something like

dependencies {
  compile project(':pleo-commons-app')
  compile project(':pleo-commons-convert')
  ...
}

as per https://docs.gradle.org/current/userguide/dependency_types.html#sub:project_dependencies

[GuiSim]

gradle dependencies:pleo-commons-all

Starting a Gradle Daemon, 1 busy Daemon could not be reused, use --status for details

FAILURE: Build failed with an exception.

* What went wrong:
Project 'dependencies' not found in root project 'commons-java'.

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

Deprecated Gradle features were used in this build, making it incompatible with Gradle 6.0.
Use '--warning-mode all' to show the individual deprecation warnings.
See https://docs.gradle.org/5.1.1/userguide/command_line_interface.html#sec:command_line_warnings

BUILD FAILED in 7s

I get the exact same result with either compile ':x' or compile project(':x')

Changing to compile project(':x') does however fix the snyk test failing.

[kyegupov]

@GuiSim sorry, my mistake, I meant gradle pleo-commons-all:dependencies of course.

I'm glad to see that compile project(':x') works for you. I believe that's the proper way to specify dependencies on your subprojects in Gradle.

[kyegupov]

@GuiSim does snyk work for you now? Can we close the issue?

[GuiSim]

Yep! sorry for not updating, the workaround works.