Support Java 16 for Dependency Scanning gradle projects

Release notes

https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuring-specific-analyzers-used-by-dependency-scanning

If you are using Java 16, you will be happy to know that it is now supported by our Dependency Scanning analyzers. Set the DS_JAVA_VERSION environment variable to leverage this enhancement.

Summary

Java 16 is supported in Dependency Scanning for Maven but not for Gradle, due to issues with Gradle 7 support in gemnasium-gradle-plugin.

Further details

While adding Java 16 support in this issue, it was discovered that the current gemnasium-gradle-plugin (v0.3.3) uses functionality deprecated in Gradle 7 (which is the only Gradle version to support Java 16): gitlab-org/security-products/analyzers/gemnasium-maven!111 (comment 566224662)

Therefore, the original issue was changed to describe only adding support for Maven. The Gradle implementation is left to this issue.

Implementation plan

Note: adoptopenjdk-16.0.0+36 was already added in.

  • update gemnasium-gradle-plugin to remove deprecated functionality (#329805 (closed))
  • add java16 branch to java-gradle test project to change the distribution url to point to gradle 7
  • add test for java 16 using gradle
  • release new version of gemnasium-maven

Documentation

Availability & Testing

Add java 16 job for each supported framework as in https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven/-/blob/master/.gitlab-ci.yml#L58

  • java-gradle
Edited by Igor Frenkel