According to the PURL specification at https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst
"gradle" for Gradle plugins "maven" for Maven JARs and related artifacts
Gemnasium doesn't currently support extraction of Gradle plugin infromation; all Gradle dependencies extracted by Gemnasium are Maven JARs and related artifacts.
Therefore, dependencies specified by the Gradle package manager should use the PURL type of "maven"
This change allows SBOMs produced by Gemansium to be consumed by Trivy. See https://github.com/aquasecurity/trivy/issues/2886