The gemnasium gradle plugin does not respect config values for skipping tests
Summary
The gemnasium-gradle-plugin will always skip test dependencies when it dumps the project dependencies.
Steps to reproduce
- Create a Gradle project that has test dependencies like junit/junit and run a dependency scanning job.
- Observe that the dependency scanning report and the CDX SBOM do not contain the dependency or any transitive dependencies.
Example Project
What is the current bug behavior?
The skipTestsGroups configuration value is not respected. The test dependencies are always excluded.
What is the expected correct behavior?
When skipTestGroups is set to false, test groups should not be excluded. See gitlab-org/security-products/analyzers/gemnasium!639 (comment 1796081886) for an example.
Edited by Nick Ilieskou