External reference to VCS gets added regardless of setting externalReferences #733
Description
Bug Description
Right now there is no way (that I could find) to prevent adding an external reference to the VCS used. Setting it to an empty list or unsetting the convention does nothing.
The documentation mentions that the VCS external reference is the default, suggesting that opting out of adding it should work.
Self-contained Reproducer Project
plugins {
id 'org.cyclonedx.bom'
id 'java'
}
repositories {
mavenCentral()
}
group = 'com.example'
version = '1.0.0'
tasks.cyclonedxBom {
externalReferences = []
// externalReferences.unsetConvention() does not work either
}
dependencies {
implementation("org.hibernate:hibernate-core:5.6.15.Final")
}
Expected Behavior
A way to prevent the inclusion of a VCS external reference, maybe something like opting out of the XML output (with xmlOutput.unsetConvention())?
Gradle build scan URL (optional)
No response
OS
No response
Gradle version
9.2.0
CycloneDX Plugin version
3.0.2
Additional Context
No response
Contribution
- I am willing to provide a fix
- I will wait until somebody else fixes it