Protecting Project Integrity

Our recent security report shows that supply chain attacks targeting the build process through the Gradle Wrapper exist in the wild. This blog post explains how to protect your project or you, as a developer, against similar attacks.

This is a companion discussion topic for the original entry at

You could always fix Bootstrap Gradle build using cmd-line scripts only · Issue #11816 · gradle/gradle · GitHub so people don’t have to check in a binary wrapper…

If it is so easy to fix, feel free to open a pull request that fixes it. :wink:
Besides that you can do similar attacks with cmd-line only scripts too.