* Support development dependencies for the Gradle detector
Lack of development dependency detection for Gradle is a problem for
Android teams, especially in the context of Component Governance
alerts. Unfortunately Gradle doesn't provide enough information to
definitively identify dev dependencies in all cases, so manual
configuration is required. This change adds dev dependency
classification through two mechanisms
1. `buildscript-gradle.lockfile` and `settings-gradle.lockfile`
contain only build-system dependencies, so always classify these as
development dependencies.
2. Processing based on two new environment variables:
`GRADLE_PROD_CONFIGURATIONS_REGEX` and
`GRADLE_DEV_CONFIGURATIONS_REGEX`. Gradle lockfiles indicate which
Gradle configuration(s) each dependency is required by.
`GRADLE_PROD_CONFIGURATIONS_REGEX` allows specifying
production configurations explicitly. All other configurations are
considered development. Alternately, dev configurations may be
specified in `GRADLE_DEV_CONFIGURATIONS_REGEX` and all others are
considered production.
* Changes based on meeting prior to the holidays
* fluent assertions
* Visual studio recommendations
* More fluent assertsions
* Fix test to be cross-platform
* Fix the cross-platform test fix
* Fix code coverage by removing dead code check
* Address code review comments
Previously, the Go-Detector by default scanned the manifest and generated components. We were using EnableGoCliScan env. variable to activate the Go Cli Detector. With this change, the use of EnableGoCliScan is removed. The Go detector by default uses Cli scan.
To manually override this behavior, new env. variable DisableGoCliScan is introduced.
Greg Villicana
James Oakley
Justin Perez
Rushabh
Jamie Magee