In our build setup, we use some internal dependencies that are published in an internal Maven repository hosted on S3. The configuration for these repositories looks like this [1]:
maven {
setUrl("s3://my-bucket.s3.eu-central-1.amazonaws.com")
credentials(AwsCredentials::class.java) {
accessKey = project.s3AccessKey
secretKey = project.s3SecretKey
}
}
This leads to the following errors when executing spdxSbom:
org.spdx.library.InvalidSPDXAnalysisException: Invalid download location s3://my-bucket.s3.eu-central-1.amazonaws.com/org/package/org.package.dep/1.2.3/org.package.dep-1.2.3.jar. Must match the pattern ^(NONE|NOASSERTION|(((git|hg|svn|bzr)\+)?(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/|ssh:\/\/|git:\/\/|svn:\/\/|sftp:\/\/|ftp:\/\/|file:\/\/|file:\/)?[a-zA-Z0-9\.\-\ \_]+(:[0-9]{1,5})?(\/.*)?)|(git\+git@[a-zA-Z0-9\.\-]+:[a-zA-Z0-9/\\.@\-]+)|(bzr\+lp:[a-zA-Z0-9\.\-]+))$
Apparently s3:// is not among the list of protocols allowed.
[1] https://docs.gradle.org/current/userguide/declaring_repositories.html#sec:repository-types
In our build setup, we use some internal dependencies that are published in an internal Maven repository hosted on S3. The configuration for these repositories looks like this [1]:
This leads to the following errors when executing
spdxSbom:org.spdx.library.InvalidSPDXAnalysisException: Invalid download location s3://my-bucket.s3.eu-central-1.amazonaws.com/org/package/org.package.dep/1.2.3/org.package.dep-1.2.3.jar. Must match the pattern ^(NONE|NOASSERTION|(((git|hg|svn|bzr)\+)?(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/|ssh:\/\/|git:\/\/|svn:\/\/|sftp:\/\/|ftp:\/\/|file:\/\/|file:\/)?[a-zA-Z0-9\.\-\ \_]+(:[0-9]{1,5})?(\/.*)?)|(git\+git@[a-zA-Z0-9\.\-]+:[a-zA-Z0-9/\\.@\-]+)|(bzr\+lp:[a-zA-Z0-9\.\-]+))$Apparently
s3://is not among the list of protocols allowed.[1] https://docs.gradle.org/current/userguide/declaring_repositories.html#sec:repository-types