Update Dependency Scanning fixtures and test projects to use Java 17

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Proposal

After merging Use Java 17 by default (gitlab-org/security-products/analyzers/gemnasium-maven!193 - merged), we started to see failures with our test projects due to the fact that the fixture files in these test projects are incompatible with Java 17. In order to work around this, we configured an environment variable at the test project level to set DS_JAVA_VERSION: 11. This resulted in the Dependency Scanning jobs in the pipeline to pass successfully.

Likewise, many of the qa/fixture files used in gemnasium-maven are not compatible with Java 17, so we had to set DS_JAVA_VERSION: 11 in order to fix them.

The purpose of this issue is to update the test projects and fixture files in gemnasium-maven/qa/fixtures so they're compatible with Java 17

Implementation Plan

Update the fixture files for the following test projects and branches so they're compatible with Java 17 (21 projects total)
- java-gradle
  - master
    - Update build.gradle to v7, Remove gradlew (gitlab-org/security-products/tests/java-gradle!90 - merged)
      
      Note: once we update the build.gradle to be compatible with gradle 7 and remove the gradlew files, the license scanning job will fail because license scanning isn't compatible with Java 17. We should probably create another branch, for example license-scanning-java-11 to be used with license scanning.
      
      Update: Created a java-11-FREEZE branch in the java-gradle test project which has been automatically picked up by the Secure Test Orchestrator project, and the pipeline passes.
  - gradle-cli-opts-FREEZE
    - Support Java 17 by updating build.gradle to v7 ... (gitlab-org/security-products/tests/java-gradle!89 - merged)
  - offline-FREEZE
    - Use gemnasium instead of gemnasium-maven in DS_... (gitlab-org/security-products/tests/java-gradle!86 - merged)
- java-gradle-kotlin-dsl
  - master
  - offline-FREEZE
- java-gradle-multimodules
  - master
  - no-root-dependencies-FREEZE
  - offline-FREEZE
  - subprojects-buildfilename-FREEZE
- java-maven
  - master
    - Change Compiler Target to 17 (gitlab-org/security-products/tests/java-maven!155 - merged)
  - offline-FREEZE
    - Change Compiler Target to 17 (gitlab-org/security-products/tests/java-maven!163 - merged)
  - maven-cli-opts-skip-tests-FREEZE
    - Change JDK compiler target to 17 (gitlab-org/security-products/tests/java-maven!157 - merged)
  - custom-ca-cert-java-8-FREEZE
    - Update JDK compiler target to 17 (gitlab-org/security-products/tests/java-maven!156 - merged)
  - update-expectation-maven-cli-opts-skip-tests-FREEZE
    - Change Compiler Target to 17 (gitlab-org/security-products/tests/java-maven!164 - merged)
- java-maven-multimodules
- scala-sbt
- scala-sbt-multiproject
  - main
Update the files in the gemnasium-maven/qa/fixtures directory for the v3 branch so they're compatible with Java 17. The fixture files that need to be updated are the ones that have DS_JAVA_VERSION: 11 configured, as shown in the image_spec.rb file:
Remove the environment variable DS_JAVA_VERSION: 11 from the Settings -> CI/CD -> Variables of the following test projects
Run the Nightly Secure Test execution in the secure-test-project-orchestrator project and ensure that all tests pass

/cc @fcatteau @gonzoyumo @sam.white

Edited Aug 22, 2025 by 🤖 GitLab Bot 🤖

Assignee Loading

Time tracking Loading