The files that underpin file-based providers can be retrieved from a variety of different sources, including the local file system, a URL or URI resource, a dependency repository artifact, or a plain InputStream.

The following very contrived example demonstrates the use of these options with different file-based repositories:

apply plugin: 'java'
apply plugin: 'nebula-dependency-recommender'
repositories { mavenCentral() }
dependencyRecommendations {
   // **ALL** file-based providers support module,
   // file, uri, and url
   mavenBom module: 'sample:sample-bom:1.0'
   mavenBom file: '/folder/sample-bom-1.0.pom'
   mavenBom uri: 'https://somewhere/sample-bom-1.0.pom'
   propertiesFile module: 'sample:sample-props:1.0@props'
   propertiesFile url: new URL('https://somewhere/sample.props')
   propertiesFile file: file('sample.props')
   
   dependencyLock module: 'sample:sample-lock:1.0'
   dependencyLock uri: URI.create('https://place/sample.lock')
}

In the case of a repository artifact, the artifact should be specified using artifact only notation. An artifact only notation (Gradle Documentation 51.4.1.2) creates a module dependency which downloads only the artifact file with the specified extension. Existing module descriptors are ignored.

The plugin uses the repositories specified in the repositories { } block in your project to attempt to locate the artifact. In the example, the plugin would be searching mavenCentral() for the files.

Notice the suffix on the artifact notation sample:sample-props:1.0@props . Since properties files do not have an 'expected' file extension, you must tell the plugin which extension to look for. The Maven BOM provider automatically appends @pom if you do not. Similarly, the Dependency Lock provider automatically appends @lock if you do not.