dependabot: gradle audit #14097
-
Now that Gradle has decent plugins for reporting CVEs in JVM projects, it would be helpful for Dependabot to report these findings, just like it does for Ruby and Node projects. See the net.ossindex.audit plugin, for example. This quickly identified several CVEs in my Java projects on GitHub that Dependabot completely missed.
Replies: 2 comments
-
We're working with the folks at Gradle on our dependency submission API so that we can get native support for Gradle analysis within the product. Keep an eye on the changelog for announcements in this space.
-
The Dependency Submission API was launched as a public beta. Right now GitHub offers an official Go action.
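As an added illustration of the Dependency Submission API mentioned in the reply above (this is example configuration written for this page, not part of the thread and not GitHub's own code): a workflow that builds a Go module's dependency graph and submits it so that Dependabot alerts can be raised on the resolved dependencies. The action name, its `go-mod-path` and `go-build-target` inputs, the `contents: write` permission, and the pinned version tags are recalled from the action's documentation and are assumptions that should be checked against the current README before use; the build target path is a placeholder for the reader's own entry point.

```yaml
# Example workflow (not from the original thread): submit a Go module's
# dependency graph to GitHub via the Dependency Submission API.
name: Go dependency submission

on:
  push:
    branches:
      - main          # submit a fresh snapshot whenever the default branch changes

permissions:
  contents: write      # required: the submission API writes to the repository's dependency graph

jobs:
  submit-go-dependencies:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v3

      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: ">=1.18.0"   # assumption: a toolchain recent enough for the action

      - name: Submit dependency snapshot
        # Official Go action (assumed name/version; verify against the action's README).
        uses: actions/go-dependency-submission@v1
        with:
          go-mod-path: go.mod                    # module file to resolve
          go-build-target: cmd/app/main.go       # placeholder entry point; restricts the graph to what this binary actually links
```

Restricting the snapshot to a build target matters for alert quality: `go.mod` lists every module in the build list, including ones pulled in only by tests or by platforms you never ship, so submitting the whole file would surface CVEs for code that is not in your binary. Scoping to the entry point keeps Dependabot's alerts tied to dependencies that are actually compiled in.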