Add analysis for gradle projects
What does this MR do?
This MR gives gemnasium-maven the capability to analyze gradle projects. The gemnasium-maven analyzer is updated to detect build.gradle and initiate a gradle analysis phase by using the gemnasium-gradle-plugin to process the dependencies in the project and output an artifact list which can be scanned by gemnasium.
Checklist:
- include running gemnasium-gradle-plugin
- add path to analyze gradle
- update gemnasium to allow scanner/parser to detect this new dependency type
- update Dockerfile with dependencies for both types of analysis
- ensure output from gradle analysis makes sense
- switch to a tagged version of Gemnasium, after merging gemnasium!53 (merged) and go mod tidy
Testing:
- create a test project following the project template
- verify supported versions of gradle
What are the relevant issue numbers?
gitlab-org/gitlab#13075 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE; TODO: add link to MR, in gitlab project
- [-] Documentation created/updated for this project, if necessary
- [-] Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer