Dependency analysis for maintaining a local repository

Hi, I’m trying to find the best way to pull a subset of jars and metadata files into an internal repository (my company has very strict security requirements).

The most comprehensive way I’ve found to do this so far is to set up a proxy that relays HEAD/GET requests to and and adding ‘maven { repositoryUrl = “my-repo” }’ to project.repositories and pluginManagement.repositories in settings.gradle – therefore both project dependencies and plugin dependencies go through my repo and I can cache the necessary jar and metadata files locally.

But I’m seeing something strange: for some reason I’m seeing a different set of dependencies when I do this versus omitting this customization and going to the default repositories directly. My dependencies end up being older than the ones computed from the default repos.

Does anyone have any thoughts on why this might be?

Also, more generally, I’m open to better solutions to this problem.

I found my problem. It looks like the Maven repo likely has different metadata from the plugins repo. If I proxy the two independently (so that I use a proxy for the plugin repository that goes only to and another for repo.,, referencing them independently from pluginManagement and project.repositories) I get the same dependency set.