Report dd-java-agent itself as a Maven dependency in SCA telemetry (#10975)

Report dd-java-agent itself as a Maven dependency in SCA telemetry

Generate META-INF/maven/com.datadoghq/dd-java-agent/pom.properties at
build time so the SCA dependency pipeline (JarReader → DependencyResolver)
detects com.datadoghq:dd-java-agent in the APP_DEPENDENCIES_LOADED
telemetry events.

Add a unit test in DependencyResolverSpecification verifying the resolver
correctly parses the generated pom.properties, and extend the
AbstractServerSmokeTest tracer-dependency assertion to include
com.datadoghq:dd-java-agent so all server smoke tests validate this
end-to-end against the real shadow JAR.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Update telemetry/src/test/groovy/datadog/telemetry/dependency/DependencyResolverSpecification.groovy

Co-authored-by: Brice Dutheil <brice.dutheil@gmail.com>

Apply reviewer suggestions

- Use built-in Gradle WriteProperties task instead of custom doLast
  action, which handles inputs/outputs/caching natively
- Fix Groovy with{} usage in test: apply it on ZipOutputStream
  (not ZipEntry as incorrectly suggested in the upstream commit)

Merge branch 'master' into alejandro.gonzalez/APPSEC-61920

Use WriteProperties task and wire srcDir via task provider

Use the built-in Gradle WriteProperties task as suggested by bric3.

Instead of splitting the output directory into a separate variable and
adding an explicit dependsOn (which bric3 did not suggest), derive the
srcDir provider from the task itself via generatePomProperties.map{...}.
This way Gradle infers the processResources -> generatePomProperties
dependency automatically, without extra boilerplate.

spotless

Follow existing pattern for generated resources

Follow the same pattern as includedAgentDir/includedJarFileTree:
- declare pomPropertiesDir and pomPropertiesFileTree near the top
- add dependsOn(pomPropertiesFileTree) to processResources
- declare main.resources.srcDir(pomPropertiesDir) in the sourceSets block
- register generatePomProperties (WriteProperties) near generateAgentJarIndex
- wire pomPropertiesFileTree.builtBy(generatePomProperties)

This avoids the need for a task-provider-mapped srcDir since WriteProperties
outputs a single file (not a directory), so the fileTree + builtBy approach
is the correct way to express the dependency.

Combine srcDirs as suggested by reviewer

Replace two separate srcDir calls with a single srcDirs(includedAgentDir, pomPropertiesDir)
as suggested by bric3.

Keep original srcDir and add srcDirs per reviewer diff

Merge branch 'master' into alejandro.gonzalez/APPSEC-61920

Fix duplicate srcDir causing processResources failure

includedAgentDir was registered twice — once via srcDir and again
inside srcDirs. Replace both with a single srcDirs call.

Fix implicit dependency on generatePomProperties from sourcesJar

sourcesJar includes main.resources srcDirs (including pomPropertiesDir)
but had no dependency on generatePomProperties. Add explicit
dependsOn(pomPropertiesFileTree) consistent with the processResources
wiring.

Merge branch 'master' into alejandro.gonzalez/APPSEC-61920

Merge branch 'master' into alejandro.gonzalez/APPSEC-61920

chore: trigger CI

Co-authored-by: devflow.devflow-routing-intake <devflow.devflow-routing-intake@kubernetes.us1.ddbuild.io>

Author: jandro996

dd-java-agent/build.gradle

@@ -19,8 +19,16 @@ configurations {
 def includedAgentDir = project.layout.buildDirectory.dir("generated/included")
 def includedJarFileTree = fileTree(includedAgentDir)
 
+def pomPropertiesDir = project.layout.buildDirectory.dir("generated/maven-metadata")
+def pomPropertiesFileTree = fileTree(pomPropertiesDir)
+
 tasks.named("processResources") {
   dependsOn(includedJarFileTree)
+  dependsOn(pomPropertiesFileTree)
+}
+
+tasks.named("sourcesJar") {
+  dependsOn(pomPropertiesFileTree)
 }
 
 sourceSets {
@@ -33,7 +41,7 @@ sourceSets {
   "main_java11" {
     java.srcDirs "${project.projectDir}/src/main/java11"
   }
-  main.resources.srcDir(includedAgentDir)
+  main.resources.srcDirs(includedAgentDir, pomPropertiesDir)
 }
 
 def java6CompileTask = tasks.named("compileMain_java6Java") {
@@ -324,6 +332,14 @@ def generateAgentJarIndex = tasks.register('generateAgentJarIndex', JavaExec) {
 }
 sourceSets.main.resources.srcDir(generateAgentJarIndex)
 
+def generatePomProperties = tasks.register('generatePomProperties', WriteProperties) {
+  destinationFile = pomPropertiesDir.map { it.file("META-INF/maven/com.datadoghq/dd-java-agent/pom.properties") }
+  property("groupId", "com.datadoghq")
+  property("artifactId", "dd-java-agent")
+  property("version", project.providers.provider { project.version.toString() })
+}
+pomPropertiesFileTree.builtBy(generatePomProperties)
+
 subprojects { Project subProj ->
   // Don't need javadoc task run for internal projects.
   subProj.tasks.withType(Javadoc).configureEach { enabled = false }

dd-smoke-tests/src/main/groovy/datadog/smoketest/AbstractServerSmokeTest.groovy

@@ -183,7 +183,7 @@ abstract class AbstractServerSmokeTest extends AbstractSmokeTest {
 
     and: 'received tracer dependencies'
     // Not exhaustive list of tracer dependencies.
-    Set<String> missingDependencyNames = ['com.github.jnr:jnr-ffi', 'net.bytebuddy:byte-buddy-agent',].toSet()
+    Set<String> missingDependencyNames = ['com.datadoghq:dd-java-agent', 'com.github.jnr:jnr-ffi', 'net.bytebuddy:byte-buddy-agent',].toSet()
     missingDependencyNames.removeAll(dependencyNames) || true
     missingDependencyNames.isEmpty()
 

telemetry/src/test/groovy/datadog/telemetry/dependency/DependencyResolverSpecification.groovy

@@ -95,6 +95,26 @@ class DependencyResolverSpecification extends DepSpecification {
       )
   }
 
+  void 'jar with dd-java-agent pom.properties resolves to com.datadoghq:dd-java-agent'() {
+    given: 'a jar containing META-INF/maven/com.datadoghq/dd-java-agent/pom.properties'
+    File file = new File(testDir, 'dd-java-agent.jar')
+    new ZipOutputStream(new FileOutputStream(file)).with {
+      putNextEntry(new ZipEntry('META-INF/maven/com.datadoghq/dd-java-agent/pom.properties'))
+      write('groupId=com.datadoghq\nartifactId=dd-java-agent\nversion=1.0.0\n'.getBytes('UTF-8'))
+      closeEntry()
+      close()
+    }
+
+    when:
+    List<Dependency> deps = DependencyResolver.resolve(file.toURI())
+
+    then:
+    deps.size() == 1
+    deps[0].name == 'com.datadoghq:dd-java-agent'
+    deps[0].version == '1.0.0'
+    deps[0].hash == null
+  }
+
   void 'jar without manifest and no version in filename gets resolved'() {
     // If no manifest info and no suitable file name - calculate sha1 hash
     knownJarCheck(