being called not from our code

Hello community,

I have a quick question that I was hoping could get quickly answered. We operate inside a zero-trust network and our firewall guys are seeing the following domain:

being called. After reviewing our custom code for our API, we use the gradle binary inside of one our containers specified inside a dockerfile. Is there a default config somewhere that would be making these calls to the above domain for a specific reason. We just install the community edition of gradle and are not doing any modification to it all. Any help is greatly appreciated

As you didn’t provide any information, like what URL is tried to be accessed and so on, it is hard to guess what is accessed. Most typically it is the Gradle distribution that you specify in the Gradle wrapper file. You probably want to host the distribution somewhere in-house and use that in your

Another possibility is that you are hitting URL for Gradle sources is hard-coded into SourceDistributionResolver · Issue #18249 · gradle/gradle · GitHub.

If you use the -bin distribution, then on IDE sync the sources are downloaded automatically.
The URL for this is unfortunately hard-coded currently.

If that is what you need to mitigate, it might be one of the rare cases, where you maybe should use the -all distribution instead. Usually it is just a waste of time, bandwidth, and disk space for anyone and anything just executing a build. There are only two situations where -all makes sense.

  1. If you are using Groovy DSL and then only while actually editing the build scripts in the IDE
  2. If you need to prevent this automatic source download with the hard-coded URL

Greatly appreciated. I will take a look into this and see what I can come up with.

1 Like

gradle init is another case where gradle cannot be convinced to use a mirror, see:

1 Like