From cdd728c241cd9b105a4ae64f9c1610e665923552 Mon Sep 17 00:00:00 2001
From: "Mark S. Lewis"
Date: Wed, 16 Jul 2025 15:54:32 +0100
Subject: [PATCH] Allow scanning of all dependencies
The default vulnerability scan, run with `make scan`, checks only the runtimeClasspath dependencies. This change add a `scan-all` Makefile target that checks all dependencies, including test and plugin dependencies.
Signed-off-by: Mark S. Lewis
---
 Makefile | 8 ++++++++
 fabric-chaincode-shim/build.gradle | 6 ++----
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 44118a94..c64334c5 100644
--- a/Makefile
+++ b/Makefile
@@ -16,9 +16,17 @@ endif
 .PHONY: scan
 scan: $(osv-scanner)
+ rm -f fabric-chaincode-shim/gradle.lockfile
 ./gradlew --quiet :fabric-chaincode-shim:dependencies --write-locks --configuration runtimeClasspath
 bin/osv-scanner scan --lockfile=fabric-chaincode-shim/gradle.lockfile
+.PHONY: scan-all
+scan-all: $(osv-scanner)
+ rm -f fabric-chaincode-shim/gradle.lockfile
+ ./gradlew --quiet :fabric-chaincode-shim:dependencies --write-locks
+ bin/osv-scanner scan --lockfile=fabric-chaincode-shim/gradle.lockfile
+
+
 .PHONY: install-osv-scanner
 install-osv-scanner:
 mkdir -p '$(bin_dir)'
diff --git a/fabric-chaincode-shim/build.gradle b/fabric-chaincode-shim/build.gradle
index 8cff266f..4df93310 100644
--- a/fabric-chaincode-shim/build.gradle
+++ b/fabric-chaincode-shim/build.gradle
@@ -21,10 +21,8 @@ pmd {
 pmdTest.enabled = false
-configurations {
- runtimeClasspath {
- resolutionStrategy.activateDependencyLocking()
- }
+dependencyLocking {
+ lockAllConfigurations()
 }
 tasks.withType(org.gradle.api.tasks.testing.Test) {
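Review bot: Both `scan` and the new `scan-all` leave `fabric-chaincode-shim/gradle.lockfile` in the work tree after the scan, and the build.gradle change in this commit enables locking for every configuration, so Gradle would presumably validate later builds against that leftover file. After `make scan` the file describes only runtimeClasspath, and after a dependency bump it is stale, which may surface as confusing lock failures, or as an accidentally committed lockfile if the path is not ignored (not visible here). Consider removing it when the scan ends while keeping the scanner's exit status, e.g. `bin/osv-scanner scan --lockfile=fabric-chaincode-shim/gradle.lockfile; status=$$?; rm -f fabric-chaincode-shim/gradle.lockfile; exit $$status`. The path is also spelled out six times across the two recipes; a variable such as `lockfile := fabric-chaincode-shim/gradle.lockfile` would keep them in step.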
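Review bot: `dependencyLocking { lockAllConfigurations() }` covers the project's own configurations only; Gradle locks the build script classpath separately, through locking activated inside a `buildscript` block and written to `buildscript-gradle.lockfile`. If "plugin dependencies" in the commit message is meant to include plugins resolved on the build script classpath, they will not appear in the `gradle.lockfile` that `scan-all` hands to osv-scanner, so that part of the supply chain stays unscanned. The rest of build.gradle is outside the hunk, so this may already be handled elsewhere; otherwise a comment above the block, such as `// Locks project configurations only; the build script (plugin) classpath is not written to gradle.lockfile`, would make the scan's scope explicit.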