Explicitly document supported versions of package managers and file formats for Dependency Scanning
Problem to solve
Because we support so many different environments, it is difficult to stay on the leading edge and ensure support for the latest version of each. A similar concern applies to old versions that we may not have invested in supporting.
As a result, it is difficult to identify what is supported and what is not.
Further details
Every supported language, package manager and file format should be explicitly listed, so that we can quickly tell whether a report is a real bug or a feature request to support another version.
Proposal
Explicitly state the supported versions in the Supported languages and package managers section of our user documentation.
Implementation plan
- iterate through downstream tests in gemnasium and note the current versions of each language (if it exists in the repo) and the lockfiles used
- iterate through downstream tests in gemnasium-maven and note the Java versions supported as well as the versions of Maven, Gradle and sbt
- iterate through downstream tests in gemnasium-python and note the minor Python versions used for Python 2 and 3, as well as the versions of pip, pipenv and setuptools
- iterate through downstream tests in bundler-audit and note the Ruby version and Bundler version used
- iterate through downstream tests in retire.js and note the npm version used
- document the versions in https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html
Who can address the issue
group::composition analysis backend team
Other links/references
Edited by Igor Frenkel