Dependency Scanner Fails in Multi-Module Gradle Projects Due to Incorrect Root Path Assumption

Problem

A customer on an Ultimate trial is experiencing an issue with the dependency scanner in a multi-module Gradle project in which some subprojects depend on other subprojects in the same repository. The dependency reports are generated and Gradle reports BUILD SUCCESSFUL, but the scan then fails with the error "failed to normalize." The failure is specific to interdependent, multi-module projects whose subprojects sit at the same level of the directory hierarchy.

Proposed Solution

To resolve this issue, the path normalization logic must compute the root path of each subproject correctly: find the directory segment immediately preceding "build/reports" in each report path and use it to relocate that subproject's dependency report files.

Implementation Plan

  1. Simplify Root Path Computation:
     • Update the deriveRootPath function to compute the root path by splitting the report path at "build/reports" and identifying the preceding directory.
  2. Normalize Paths:
     • Refactor the normalizePaths function to iterate over the report paths, use the updated deriveRootPath function to compute the new root paths, and relocate the htmlDependencyReport artifacts adjacent to their respective build.gradle files.
  3. Update Tests and Documentation:
     • Modify the relevant tests to ensure they cover the new path normalization logic.
     • Document the changes in the changelog and provide examples in the function comments for clarity.
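A worked version of the two functions in the plan, written in Go as an added example and not the scanner's own code: the subproject root is the directory preceding the last "build/reports" segment of each report path, and each report is mapped to a destination beside its own build.gradle, so sibling subprojects no longer share one assumed root. The destination file name and the map-based return value are assumptions of this example; the sample paths are constructed.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// deriveRootPath returns the directory immediately preceding the
// "build/reports" segment of a Gradle report path, i.e. the root of the
// subproject that produced the report. The last such segment is used so a
// checkout that itself lives under a build/reports directory still works.
func deriveRootPath(reportPath string) (string, error) {
	segs := strings.Split(filepath.ToSlash(filepath.Clean(reportPath)), "/")
	for i := len(segs) - 2; i >= 0; i-- {
		if segs[i] != "build" || segs[i+1] != "reports" {
			continue
		}
		switch {
		case i == 0:
			return ".", nil // report tree directly under the working directory
		case i == 1 && segs[0] == "":
			return "/", nil // report tree directly under the filesystem root
		}
		return strings.Join(segs[:i], "/"), nil
	}
	// Without a build/reports segment there is no subproject to attribute
	// the report to; surface that instead of guessing a root.
	return "", fmt.Errorf("derive root path: %q has no build/reports segment", reportPath)
}

// normalizePaths computes, for every report, where the htmlDependencyReport
// artifact should be relocated: into the root of the subproject that
// produced it (beside that subproject's build.gradle), keeping the file
// name. Each report gets its own root, so subprojects at the same level
// that depend on each other no longer collide on a single assumed root.
// Keeping the base name as the destination name is an assumption here.
func normalizePaths(reportPaths []string) (map[string]string, error) {
	dest := make(map[string]string, len(reportPaths))
	for _, rp := range reportPaths {
		root, err := deriveRootPath(rp)
		if err != nil {
			return nil, fmt.Errorf("normalize %q: %w", rp, err)
		}
		dest[rp] = filepath.ToSlash(filepath.Join(root, filepath.Base(rp)))
	}
	return dest, nil
}
```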
Edited by Philip Cunningham