Expand Gemnasium-maven supported Java Platform gradle plugins


Note to wider-community, sales, support and customer success

As always, we welcome contributions, so feel free to ask the PM of Composition Analysis questions if you are unsure about what needs to be done here and want to contribute the fix yourself!

NOTE: if you are a user who would also like to see this feature, please UPVOTE 👍 it and comment to help it get prioritized (so it's raised as part of our sensing mechanisms). Comments should ideally include what you want, how it would help you, what your pain point/frustration is today, and anything else that can help us focus on solving the problem.

If you are a team member commenting on behalf of a user (not ideal, as you can only upvote once!), please remember to upvote and include as much information (what they are trying to solve for, their setup) as possible in addition to a Salesforce or Zendesk link.

Problem to Solve

Support Gradle dependencies via the Java Platform plugin.

Currently supported gradle file formats

https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#supported-languages-and-package-managers

Summary

Expand the supported Java Gradle file formats - see the original bug below.

Bug contents

When using the Java Platform gradle plugin to manage dependencies, the gemnasiumDumpDependencies task in our gemnasium-maven analyzer seems to fail with unresolved dependency errors:

[ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] Execution failed for task ':gemnasiumDumpDependencies'.
[ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] > Project has unresolved dependencies

Steps to reproduce

Reported by an Ultimate customer in ZD (internal-only, more details can be found in the ticket if needed), when using dependencies as follows:

  • in the main project:

    dependencies {
        api(platform("org.springframework.boot:spring-boot-dependencies:2.4.0"))
        api(platform("org.springframework.cloud:spring-cloud-dependencies:2020.0.0-M5"))
        constraints {
            api('org.projectlombok:lombok:1.18.16')
            ...

  • subproject dependencies as:

    subprojects {
        apply plugin: 'java-library'

        dependencies {
            annotationProcessor(enforcedPlatform(rootProject))
            ...

            annotationProcessor('org.projectlombok:lombok')
            ...

The above fails, but setting an explicit version to the subproject dependencies works, i.e.:

annotationProcessor('org.projectlombok:lombok:1.1.1')

Example Project

none yet

What is the current bug behavior?

Unresolved dependencies errors.

What is the expected correct behavior?

Correctly resolving the dependencies as per the Java Platform plugin.

Relevant logs and/or screenshots

[ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] Execution failed for task ':gemnasiumDumpDependencies'.
[ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] > Project has unresolved dependencies
Edited by 🤖 GitLab Bot 🤖
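
A pre-flight check for the failure described in this issue, as an added example (not GitLab's or the analyzer's own code): it lists the dependency declarations in a Gradle build script that omit a version and reports whether the script references `platform()` or `enforcedPlatform()`, which is the combination the issue reports as unresolved. The function name, the regexes and the sample are assumptions for illustration, and only single-line string-notation declarations are recognised.

```python
import re

# One dependency declaration per line, Groovy or Kotlin DSL string notation:
#   annotationProcessor('org.projectlombok:lombok')
#   implementation "group:artifact:1.2.3"
DECL = re.compile(
    r"""^\s*(?P<conf>[A-Za-z]\w*)\s*\(?\s*(?P<q>['"])(?P<coord>[^'"]+)(?P=q)\s*\)?\s*$"""
)
PLATFORM = re.compile(r"\b(?:enforcedPlatform|platform)\s*\(")


def audit_build_script(text):
    """Return (uses_platform, versionless) for one build script.

    versionless lists (line_no, configuration, "group:artifact") for every
    declaration that leaves its version to a platform or constraint.
    """
    uses_platform = False
    versionless = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(?:^|\s)//.*$", "", raw)  # drop // comments
        if PLATFORM.search(line):
            uses_platform = True
        m = DECL.match(line)
        if not m:
            continue
        parts = m.group("coord").split(":")
        if len(parts) == 2 and all(parts):  # group:artifact, no version
            versionless.append((line_no, m.group("conf"), m.group("coord")))
    return uses_platform, versionless


# Constructed sample: the subproject snippet from this issue with braces
# closed, plus the pinned form the issue reports as working.
SAMPLE = """\
subprojects {
    apply plugin: 'java-library'

    dependencies {
        annotationProcessor(enforcedPlatform(rootProject))
        annotationProcessor('org.projectlombok:lombok')
        annotationProcessor('org.projectlombok:lombok:1.1.1')  // pinned
    }
}
"""

if __name__ == "__main__":
    uses_platform, hits = audit_build_script(SAMPLE)
    print("platform in use:", uses_platform)
    for line_no, conf, coord in hits:
        print(f"line {line_no}: {conf} '{coord}' has no explicit version")
```

Modules it flags are the ones to pin explicitly (the workaround noted in the issue) or to watch for a missing dependency scanning report.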