flutter/put-flutter-to-work

Fix code scanning alert - Binary-Artifacts

drewroengoogle opened this issue · 0 comments

Hello!

I noticed this issue generated from OSSF's code scanning tool. I'm not too familiar with how Gradle works, but my understanding of gradle-wrapper.jar is that the wrapper is used to allow users to build the project without installing Gradle themselves, which leads me to believe that the jar would be necessary to have in source control.

With that in mind, I'm hoping to understand if there are any alternatives to including the jar in source control, as it can be hard to review the legitimacy of the Gradle wrapper in case it ever gets changed.

Tracking issue for:
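Added example, not part of the original issue or the project's code: one way to make a checked-in gradle-wrapper.jar reviewable is a CI step that hashes every copy in the tree and fails on any SHA-256 that is not in a pinned allowlist. The directory names, file contents and allowlist below are constructed; the sketch assumes the real allowlist holds the wrapper checksums Gradle publishes for its releases, pinned out of band.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream the file so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_wrapper_jars(repo_root, trusted_sha256):
    """Map every gradle-wrapper.jar under repo_root to 'ok' or 'unknown:<sha256>'."""
    repo_root = Path(repo_root)
    trusted = {h.lower() for h in trusted_sha256}
    report = {}
    for jar in sorted(repo_root.rglob("gradle-wrapper.jar")):
        digest = sha256_file(jar)
        rel = jar.relative_to(repo_root).as_posix()
        report[rel] = "ok" if digest in trusted else "unknown:" + digest
    return report


def demo():
    """Constructed repo: one wrapper matching the allowlist, one modified copy."""
    genuine = b"PK\x03\x04 constructed stand-in for a released gradle-wrapper.jar"
    modified = genuine + b" plus one extra byte"
    # Constructed allowlist. Assumption: in real use these values are the
    # published release checksums, never hashes computed from the repo itself.
    trusted = [hashlib.sha256(genuine).hexdigest().upper()]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Hypothetical project layout, chosen only for the demonstration.
        for sub, data in (("android", genuine), ("example/android", modified)):
            wrapper_dir = root / sub / "gradle" / "wrapper"
            wrapper_dir.mkdir(parents=True)
            (wrapper_dir / "gradle-wrapper.jar").write_bytes(data)
        return audit_wrapper_jars(root, trusted)


if __name__ == "__main__":
    report = demo()
    for path, status in report.items():
        print(path, status)
    # A non-zero exit fails the CI job when any wrapper is not allowlisted.
    raise SystemExit(0 if all(s == "ok" for s in report.values()) else 1)
```

Run on a pull request, a check like this turns a change to the binary into a one-line diff of the allowlist, which a reviewer can compare against the published checksum.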