• Main Site
  • Learn More on Learn
    Getting Started
    DPE University
    Gradle Courses
    Live Trainings
  • Get Help More on Get Help
    Search for Issues
    Community Slack
    Community Forums
    Stack Overflow
    Commercial Services
  • Community More on Community
    Newsletter
    Blog
    Community Slack
    Gradle Fellowship
    - GitHub
    - Community Forums
    - X/Twitter
    - LinkedIn
    - Mastodon
    - YouTube
    More Resources
  • Gradle Inc. More on Gradle Inc.
    Develocity
    Gradle Build Scan
    DPE University
    Events
    We Are Hiring!

December 2025

Welcome to the December 2025 Gradle Build Tool newsletter! This month, we're bringing you a review of Gradle in 2025, a look at the new Develocity 2025.4 release, a deep dive into the new Develocity Universal Cache, and the open-sourcing of the popular Netflix Nebula ArchRules plugin.

Table of Contents

  • New posts
  • New videos
  • New releases
  • The year in review
  • Netflix open-sources the Nebula ArchRules plugin
  • Develocity 2025.4 release
  • Develocity launches Universal Cache

New posts #

  • Is the Java Ecosystem Cursed? A Dependency Analysis Perspective – Tony Robalik dissects the inherent complexities and anti-patterns in the Java ecosystem (like split packages, shading, reliance on classpath order, and compiler differences) that make static dependency analysis and build integrity challenging.
  • Detecting Maven-Hijack-style risks in Gradle builds with the Dependency Analysis Gradle Plugin – Laura Kassovic highlights the supply chain risk of Maven-Hijack, which weaponizes duplicate classes on the classpath, and how the Dependency Analysis Gradle Plugin (DAGP) enhances security by checking for binary-incompatible duplicate classes.
  • Knocker-Uppers - PGP Validation of Gradle Wrapper and Distribution – Aurimas Liutikas addresses the critical supply chain risk of the Gradle Wrapper and a new defense layer: the ability to use PGP keys to validate the cryptographic signatures of both the gradle-wrapper.jar and the downloaded Gradle distribution zip.

New videos #

  • The Benevolent Gradle Overlord: Keeping Order – Aurimas Liutikas @ droidcon London 2025 provides strategies for build engineers and platform teams to maintain build health, stability, and speed in the face of rapidly growing codebases and increasing team constraints.
  • Fix Flaky Android Builds Forever with Gradle Dependency Locking – Codetutor explains the problem of build non-determinism (flaky builds) and demonstrates the four-step process of implementing Gradle dependency locking and the version catalog to ensure consistent dependency resolution and reproducible builds.
  • Understanding Gradle caches (in French) – Florian Le Ficher @ GDG Paris Android User Group provides a detailed breakdown of Gradle’s various caching mechanisms, where they are stored, how to analyze their impact, and how the BackMarket team implemented custom logic to manage CI caching effectively.

New releases #

  • Spock 2.4 - The popular testing and specification framework for Java and Groovy now offers support for Groovy 5. Don’t forget to check out their new website.
  • Spring Boot 4.0.0 – This major release brings full support for Gradle 9 and continues the modularization effort for building robust, modern Spring Boot applications.

From the Gradle team #

The year in review #

Gradle 2025

The year 2025 showcased the massive scale and adoption of the Gradle ecosystem, which recorded over 600 million downloads and saw nearly 2 billion plugins downloaded from the Gradle Plugin Portal. This unprecedented growth was driven and supported by a commitment to core quality, headlined by the release of Gradle 9.0.0. This definitive release cemented our focus on speed and developer experience, introducing key features that set a new standard for performance and stability:

  • Configuration Cache – Gradle promoted Configuration Cache to the preferred execution mode, with graceful fallback and improved encryption to reduce accidental data exposure.
  • Daemon JVM auto-provisioning – Gradle introduced the capability to automatically download the JVM required by the Daemon.
  • Modern Java & languages – Gradle raised its core requirement to Java 17+, added support for Java 24/25, and upgraded to Groovy 4 and Kotlin 2.2 for improved performance and memory usage.
  • Reproducible archives by default – Gradle ensured deterministic outputs by enforcing that archives (JARs, WARs, etc.) are built consistently across different environments.
  • Kotlin DSL – Gradle leveraged the K2 compiler, improved script compilation avoidance, and switched to JSpecify on the Gradle API for stricter nullability handling.

More 2025 highlights you might have missed:

  • Gradle Best Practices Guide – Gradle released an opinionated “Do This, Not That” guide created with Google and JetBrains to help teams avoid common pitfalls.
  • Maven Central Publishing and Mirroring – Gradle worked with Maven Central to minimize unnecessary traffic and provided tooling recommendations for publishing after the Sonatype OSSRH sunset.
  • Official Gradle Docker Images – Gradle took over the official images (now with 100M+ downloads and counting).
  • Declarative Gradle – Work continued toward declarative and toolable build definitions.

👉 See you in 2026!

Netflix open-sources the Nebula ArchRules plugin #

Nebula ArchRules plugin

This November, Netflix open-sourced the Nebula ArchRules Plugin. Built on the excellent ArchUnit library, this Gradle plugin provides a structured system for authoring, sharing, and enforcing custom architectural patterns and API usage rules across large organizations with multiple repositories.

While Netflix has provided some initial open-source rule libraries, the true power lies in writing your own specialized rules.

👉 Write a rule

From the Develocity team #

Develocity 2025.4 release #

Develocity 2025.4

We’re excited to announce Develocity 2025.4, which offers powerful new features and enhancements:

  • AI-powered build and test failure grouping across builds and projects: Gain immediate, actionable, AI-driven insights into recurring build and test failures across the entire build history of all your projects, exposed via an MCP server.
  • AI-powered Develocity Analytics: Query aggregated Develocity build data using natural language to gain immediate, actionable, AI-driven insights on how to accelerate, stabilize, and cost-optimize your builds and projects, exposed via an MCP server.
  • Develocity Artifact Cache and Setup Cache: Extend caching to your entire build lifecycle, accelerating build initialization and dependency resolution to reduce overhead in ephemeral CI environments.
  • Develocity Provenance Governor: Automate Governance, Risk, and Compliance (GRC) across your entire software supply chain, ensuring that only trusted and compliant artifacts are promoted and consumed across environments.

👉 Read more

Develocity launches Universal Cache #

Universal Cache

We’re excited to share the launch of Develocity Universal Cache, a critical new capability designed to fundamentally address CI/CD pipeline bottlenecks, which are increasingly strained by the explosion of AI-generated code and the complexity of ephemeral CI environments.

Universal Cache establishes a unified, globally distributed caching layer that combines three essential caching components to accelerate every stage of your build:

  • Artifact Cache (input caching): Speeds up the start of every build by efficiently caching and restoring critical build inputs, including dependencies, JDK toolchains, and build system artifacts. This dramatically cuts down dependency download time and costs, turning what used to be 40+ minutes of idle CI time into just a few minutes.
  • Setup Cache (environment caching): Eliminates redundant initialization work, such as compiling build scripts, by sharing the resulting configuration across all CI agents. This ensures that builds running on CI begin executing faster.
  • Build Cache (output caching): Continues to accelerate task execution by reusing outputs from previous builds, preventing redundant work across machines and minimizing the time spent on unnecessary rebuilding.

By making caching observable through Develocity 360 and addressing inputs, setup, and outputs in a unified platform, Universal Cache offers a strategic solution to achieve the rapid throughput required in modern software delivery.

👉 Learn more

Upcoming events #

Meet the Gradle team and fellow community members at these upcoming events! We’d love to connect with you and discuss anything related to Gradle Build Tool, Develocity, or Developer Productivity Engineering (DPE).

  • January 28, Gradle webinar (online) – Stop waiting for CI: Develocity Universal Cache solves the commit volume problem. Stay tuned for sign-up details.
  • April 16-18, Devoxx France – France’s premier developer conference covering Java, Cloud, Security, and more.
  • May 14-16, Devoxx UK – A top conference for developers in the UK, focusing on the latest in Java, Cloud, and Software Engineering.
  • May 20-22, KotlinConf – The official JetBrains conference devoted to the Kotlin programming language.
  • June 23-26, JavaOne – The largest conference celebrating the global Java ecosystem.

Next year’s event schedule coming soon!

Spread the word #

We encourage you to share highlights from this newsletter—let’s support the authors and contributors!

You can always find this and previous editions in the Gradle Newsletter Archive or subscribe via RSS.

The Call for Proposals for the January edition is now open, and we’d love your contributions!

Views

Printable Version | HTML Version

Stay in the Know

Join 140,000+ monthly Gradle Build Tool newsletter subscribers. Also, there is an RSS Feed

By entering your email, you agree to our Terms and Privacy Policy, including receipt of emails. You can unsubscribe at any time.

Careers | Privacy | Terms of Service | Contact | RSS Feed
© 2025 Gradle, Inc. Gradle®, Develocity®, Build Scan®, and the Gradlephant logo are registered trademarks of Gradle, Inc. On this resource, "Gradle" typically means "Gradle Build Tool" and does not reference Gradle, Inc. and/or its subsidiaries.