Is there a Gradle equivalent of "mvn dependency:analyze"?

Is there a Gradle equivalent to

mvn dependency:analyze

which will give me an idea of whether I’m using dependencies that I am not declaring?

Thank you.


There is ‘gradle dependencies’, and starting from 1.3 also ‘gradle dependencyInsight’.

It would be great to add a dependency report that determines if updates are available, e.g.

mvn versions:display-dependency-updates
mvn versions:display-plugin-updates

I’ve had to evolve the checkLibVersions task to handle more scenarios, but it doesn’t feel fully baked.


I looked at the latest nightly build of Gradle (v 1.4). The dependencyInsight task requires a dependency named on the command line to query. That’s not exactly what I had in mind. I am more interested in a report of what classes I’m using from transitive dependencies. Or maybe I misunderstood what dependencyInsight offers.

Gradle doesn’t currently ship with anything like ‘mvn dependency:analyze’. I had initially thought that you were looking for the equivalent of ‘mvn dependency:tree’.

Got it. Thanks.

The tree output is beautiful, btw. That’s also super useful.

I’m new to programming to the Gradle API itself, but I want to try my hand at it. I’ve taken a look at the API docs, and see that on Project I can acquire a collection of Dependencies. That is

def d = project.configurations.getByName(“compile”).allDependencies

I’m not certain this is the right track toward acquiring transitive dependencies of this project, however.

Would someone be kind enough to offer a bit of guidance on how to approach this?


‘Configuration.getDependencies/getAllDependencies’ only gives declared dependencies. You’ll either have to use ‘Configuration.getResolvedConfiguration’ or ‘Configuration.getIncoming’. I think the latter is more recent and more capable.

Thank you.

I got this to print what appears to be promising output:

class AnalyzeDependencyPlugin implements Plugin<Project> {
    void apply(Project project) {
        project.task('analyzeDeps') << {
            def compileConfiguration = project.configurations.getByName("compile")
            def resolvedConfiguration = compileConfiguration.resolvedConfiguration
            def resolvedArtifacts = resolvedConfiguration.resolvedArtifacts
            resolvedArtifacts.each { dp ->
                def rd = dp.resolvedDependency
              // is a Set<ResolvedDependency>
            def firstLevelResolvedDependencies = resolvedConfiguration.firstLevelModuleDependencies

I think I can use ASM to acquire a list of classes L referenced by my code (ASM would operate on output produced by the “classes” task), then verify that each class in L is contained in a jar-artifact in the firstLevelResolvedDependencies set. I think.

Thanks again.

Awhile back I wrote and it just wraps the default behaviour of maven dependency:analyze for the ASM component. You can try it out by adding this to your build script:

apply from : ''

This was written mostly back in Gradle 0.9 days, and could probably benefit from the better approach you’re taking to working with the dependencies. Anyhow, hopefully it will at least give you some ideas.

Well that link didn’t work :slight_smile:

Thank you very kindly. I will read through your work.

Related to this I wonder if Gradle has some API to check the latest version available for a given dependency.

E.g. having this:

dependencies {
    compile "commons-lang:commons-lang:2.+"

and then in a task to display the latest version available in the 2.+ scope.

The use case for this might not be interesting for everybody, but in our project we are using this 2.+ and using a external forcedModule config we are ‘locking’ the version. Now it would be nice to be able to check the latest version available and print then. Don’t know the Gradle has a convenient API for that?

this plugin may help on that front -

I got the following when using your code:

FAILURE: Build failed with an exception.

I’ve taken the Gist provided by kellyrob and wrapped it up as a gradle plugin available at