Use PURL type "maven" for Gradle specified dependencies
What does this MR do?
According to the PURL specification at https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst:
"gradle" for Gradle plugins
"maven" for Maven JARs and related artifacts
Gemnasium doesn't currently support extraction of Gradle plugin information; all Gradle dependencies extracted by Gemnasium are Maven JARs and related artifacts.
Therefore, dependencies specified by the Gradle package manager should use the PURL type of "maven".
This change allows SBOMs produced by Gemnasium to be consumed by Trivy. See https://github.com/aquasecurity/trivy/issues/2886
What are the relevant issue numbers?
gitlab-org/gitlab#374043 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Fabien Catteau
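
An added example (not part of this MR and not Gemnasium's code): a Go check that reads a CycloneDX SBOM and rewrites any `pkg:gradle/` PURL to `pkg:maven/`, the mapping this MR describes, so that older SBOMs can be brought in line before a consumer matches on PURL type. The sample SBOM is constructed, the function name is hypothetical, and the code assumes no component is a Gradle plugin, as is the case for Gemnasium output according to the description above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// sbom models only the CycloneDX fields this example reads.
type sbom struct {
	Components []struct {
		PURL string `json:"purl"`
	} `json:"components"`
}

// constructedSBOM is sample input built for this example, not real scanner output.
const constructedSBOM = `{"bomFormat":"CycloneDX","components":[
 {"name":"log4j-core","purl":"pkg:gradle/org.apache.logging.log4j/log4j-core@2.17.1"},
 {"name":"guava","purl":"pkg:maven/com.google.guava/guava@31.1-jre"},
 {"name":"lodash","purl":"pkg:npm/lodash@4.17.21"}]}`

const gradlePrefix = "pkg:gradle/"

// NormalizeGradlePURLs (hypothetical helper) returns every component PURL with
// "pkg:gradle/" replaced by "pkg:maven/", plus the number of PURLs rewritten.
// Assumption: no component is a Gradle plugin, so none should keep type "gradle".
func NormalizeGradlePURLs(raw []byte) (purls []string, rewritten int, err error) {
	var doc sbom
	if err = json.Unmarshal(raw, &doc); err != nil {
		return nil, 0, fmt.Errorf("parse SBOM: %w", err)
	}
	for _, c := range doc.Components {
		p := c.PURL
		// The PURL type is case-insensitive, so compare a lowercased copy.
		if strings.HasPrefix(strings.ToLower(p), gradlePrefix) {
			p = "pkg:maven/" + p[len(gradlePrefix):]
			rewritten++
		}
		purls = append(purls, p)
	}
	return purls, rewritten, nil
}

func main() {
	purls, n, err := NormalizeGradlePURLs([]byte(constructedSBOM))
	fmt.Println(purls, n, err)
}
```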