Gradle Support
vscode-java provides partial Gradle support for Java projects, by embedding the Eclipse Buildship project.
- Android projects are not supported
- Kotlin build descriptors (
build.kts) are not supported - Only Java files are compiled. Cross-language compilation is not supported.
-
java.import.gradle.enabled: Enable/disable the Gradle importer. -
java.import.gradle.home: setting for GRADLE_HOME. -
java.import.gradle.arguments: Arguments to pass to Gradle. -
java.import.gradle.jvmArguments: JVM arguments to pass to Gradle. -
java.import.gradle.wrapper.enabled: Enable/disable the Gradle wrapper. -
java.import.gradle.version: Gradle version, used if the gradle wrapper is missing or disabled. -
java.import.gradle.offline.enabled: Enable/disable the Gradle offline mode. Defaults tofalse. -
java.import.gradle.user.home: setting for GRADLE_USER_HOME.
When a project uses the gradle wrapper, and "java.import.gradle.wrapper.enabled"=true (the default), it will be automatically executed when opening VS Code.
There is potential for a bad actor to replace the gradle-wrapper.jar with a malicious binary in a seemingly innocent repository, tricking users into automatically executing malware as soon as the folder is opened.
In order to mitigate this issue, vscode-java performs integrity checks on any gradle wrapper used to run a build, similar to the Github Action published by the Gradle team. If the wrapper's checksum doesn't match a known good checksum, a security warning is displayed (actually an error, so it stays visible):
The link opens this page.
If you trust the wrapper to be executed, the application settings.jon will be updated like:
"java.imports.gradle.wrapper.checksums": [
{
"sha256": "504b38a11c466aecb2f5c0b0d8ce0ed7ffa810bf70b9b7a599c570051be8fb4e",
"allowed": true
}
],and the wrapper will be used.
If you don't trust it, "allowed":"false" will be stored.
The default Gradle version embedded in Buildship will be used to build your project until the wrapper is explicitly trusted.