## Description This implementation issue covers adding Gradle build file (`build.gradle`, `build.gradle.kts`) scanning capabilities to the Dependency Scanning (DS) analyzer. This build file scanning will serve as a fallback mechanism when lock/graph files are not available. ## Scope **Objective:** Implement build file scanning functionality for Gradle `build.gradle` and `build.gradle.kts` files. **Key Components:** * Add Gradle build file detection and parsing logic for both Groovy (`build.gradle`) and Kotlin DSL (`build.gradle.kts`) formats * Implement dependency extraction from Gradle build files * Integrate with existing DS analyzer workflow as a fallback option * Ensure compatibility with the current dependency scanning pipeline ## Acceptance Criteria: * DS analyzer successfully detects and processes `build.gradle` and `build.gradle.kts` files * Direct dependencies are correctly extracted and reported from both Groovy and Kotlin DSL formats ## Related Issues * Spike: https://gitlab.com/gitlab-org/gitlab/-/work_items/584568 ### Release notes description: [GitLab dependency scanning by using SBOM](https://docs.gitlab.com/user/application_security/dependency_scanning/dependency_scanning_sbom/) now supports scanning Java `build.gradle` and `build.gradle.kts` build files. Previously, dependency scanning for Java projects using Gradle required a lock file to be present. Now, when a lock file is not available, the analyzer automatically falls back to scanning `build.gradle` and `build.gradle.kts` files, extracting and reporting only direct dependencies for vulnerability analysis. This improvement makes it easier for Java projects using Gradle to enable dependency scanning without requiring a lock file. To enable manifest fallback, set the DS_ENABLE_MANIFEST_FALLBACK CI/CD variable to "true". documentation_link: https://docs.gitlab.com/user/application_security/dependency_scanning/dependency_scanning_sbom/#manifest-fallback