Fix packager reported by Gemnasium for Gradle and Pipenv projects
What does this MR do and why?
- Fix package manager reported by gemnasium-maven for Gradle projects.
- Fix package manager reported by gemnasium-python for Pipenv and Setuptools projects.
- Properly present the newly introduced package managers in the Dependency List.
- Support the newly introduced package managers in the Dependencies API, as filters.
- Fix a bug in the Dependencies API: the `packager_manager` param was compared as a String, not as an Array. As a result, `pipenv` matched `pip`, because the former "includes" the latter. This bug was harmless before introducing `pipenv`.
- Remove `TableSyntax` from spec, because this was not needed.
- Add a spec for when the `package_manager` param is an Array, and not a String.
Testing
Changes to the CI templates are tested using the Secure test projects:
- In gitlab-org/security-products/tests/python-pipenv!66 (closed), the report now sets the `package_manager` to `pipenv`.
- In gitlab-org/security-products/tests/java-gradle!69 (closed), the report now sets the `package_manager` to `gradle`.
There's no test project for Setuptools.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #338252 (closed)
Edited by Fabien Catteau
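
The String-versus-Array comparison described in the bug fix above, as an added Ruby example that is not the MR's or GitLab's own code. The `Dependency` struct, the `filter_buggy` and `filter_fixed` helpers, and the sample data are constructed for illustration.

```ruby
# Added illustration, not GitLab's code. All names and data are constructed.
Dependency = Struct.new(:name, :package_manager)

# Constructed sample dependency list covering the package managers named above.
DEPENDENCIES = [
  Dependency.new("requests", "pip"),
  Dependency.new("django", "pipenv"),
  Dependency.new("guava", "gradle"),
  Dependency.new("junit", "maven")
].freeze

# Buggy form: the param is used as-is. When it is a String,
# String#include? is a substring test, so "pipenv".include?("pip") is true
# and a filter on "pipenv" also returns "pip" dependencies.
def filter_buggy(dependencies, package_manager_param)
  dependencies.select { |d| package_manager_param.include?(d.package_manager) }
end

# Corrected form: normalize the param to an Array first, so that
# Array#include? compares whole elements for equality.
# Assumption: a missing or empty param means "no filter".
def filter_fixed(dependencies, package_manager_param)
  wanted = Array(package_manager_param).map(&:to_s)
  return dependencies.dup if wanted.empty?

  dependencies.select { |d| wanted.include?(d.package_manager) }
end

if __FILE__ == $PROGRAM_NAME
  puts "buggy, String param:  #{filter_buggy(DEPENDENCIES, 'pipenv').map(&:name)}"
  puts "fixed, String param:  #{filter_fixed(DEPENDENCIES, 'pipenv').map(&:name)}"
  puts "fixed, Array param:   #{filter_fixed(DEPENDENCIES, %w[pip gradle]).map(&:name)}"
end
```

A spec for this kind of filter should exercise both the String and the Array form of the param, with at least one value that is a prefix of another.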