FY22-Q3 Fabien Catteau KR: Better document package manager features supported by Dependency scanning
Description
We are in the process of adding language versions to the Dependency Scanning docs, but there are still many unknowns about what Dependency Scanning truly supports. In particular, we should investigate and document these:
- What are the supported Maven scopes?
- What are the supported Sbt configurations?
- What are the supported Gradle configurations?
- Are Gradle dependency constraints supported?
- What are the Bundler groups being scanned, considering that we only parse the lock file?
- Are we scanning development dependencies of yarn, composer, and npm projects?
For each question we should:
- create a test case corresponding to the feature (Maven scope, Sbt configuration, Gradle keyword, etc.)
- update the docs based on what the test case reveals
Outcome
- In the issue, I've studied the current behavior of all 3 Gemnasium-based analyzers.
- I've noticed discrepancies and created two issues to make the behavior consistent. See gitlab-org/gitlab#343043 and gitlab-org/gitlab#343041 (closed).
- I've updated gitlab-org&2743 (comment 703366449) based on my research.
- I'm giving a Show & Tell presentation to share all that with the group.
Edited by Fabien Catteau