
Conversation

@Umesh042005
Contributor

Description of Change

This change adds a small hint to help Dependency-Check correctly
identify the Elastic APM Java agent as apm_java_agent.

Without this hint, the Java agent may be matched to the generic
elastic:apm_agent, which can cause Java-specific CVEs to be missed.

Related issues

Relates to #8008

Have test cases been added to cover the new functionality?

No
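For readers who have not worked with Dependency-Check hints, the following is an illustrative hint file of the kind this change relies on. It is an added example, not the hunk from this PR (the diff itself is not reproduced on this page) and not the project's shipped base hint file. The Maven coordinates co.elastic.apm:elastic-apm-agent, the evidence source/name strings ("pom", "artifactid", "hint analyzer") and the schema URL are assumptions about how the JarAnalyzer records evidence and should be checked against the current dependency-hint XSD before use.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustrative example; not the PR's diff or the project's own base hint file. -->
<hints xmlns="https://jeremylong.github.io/DependencyCheck/dependency-hint.1.4.xsd">
    <!--
      Problem being addressed: the agent jar's pom evidence (assumed groupId
      co.elastic.apm, artifactId elastic-apm-agent) produces product evidence
      that the CPE analyzer resolves to the generic elastic:apm_agent instead of
      elastic:apm_java_agent, so CVEs recorded only against the Java agent are
      never considered for this dependency.

      Remedy: when that artifactId is present, add HIGHEST-confidence vendor and
      product evidence naming the Java-specific CPE product so the CPE analyzer
      can match it.
    -->
    <hint>
        <given>
            <!-- Assumed evidence shape: source "pom", name "artifactid" (an assumption,
                 verify against what the JarAnalyzer actually records for this jar). -->
            <evidence type="product" source="pom" name="artifactid"
                      value="elastic-apm-agent" confidence="HIGHEST"/>
        </given>
        <add>
            <evidence type="vendor"  source="hint analyzer" name="vendor"
                      value="elastic" confidence="HIGHEST"/>
            <evidence type="product" source="hint analyzer" name="product"
                      value="apm_java_agent" confidence="HIGHEST"/>
        </add>
    </hint>
</hints>
```

The before/after comparison asked for later in this thread can be reproduced by scanning the same agent jar twice, once without the file and once with it supplied via the CLI's `--hints` option, and comparing the identified CPE in the two reports; the report lists the evidence behind each match, so the hint-sourced "apm_java_agent" evidence should be visible only in the second run.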

@boring-cyborg boring-cyborg bot added the core changes to core label Dec 27, 2025
@chadlwilson
Collaborator

Does the change/hint work? What are the results before/after?

@Umesh042005
Contributor Author

Thanks @chadlwilson for the question.
I have not been able to fully test this locally yet.
The change is based on the existing hint patterns used to resolve similar false-negative CPE mappings (for example, other language-specific agents).
Before this hint, the Java Elastic APM agent may be identified as the generic elastic:apm_agent, which can cause Java-specific CVEs to be missed.
After applying the hint, the dependency should be identified as
apm_java_agent, allowing the correct CVEs to be matched.
If needed, I can try to validate this further and share concrete
before/after scan results.

@chadlwilson
Collaborator

A simple "no" would be enough, if you haven't tested it. (Are your messages AI generated?)

In my opinion, you should demonstrate evidence a non-trivial change actually has the intended effect when proposing it.

@Umesh042005
Contributor Author

@chadlwilson sir,
I'm new to open source, so I did take some help while writing the response, and
I haven't tested this yet.
I got your point that testing is important for this kind of change.
I'll try to test it, and after testing I will share the results here.

@jeremylong jeremylong changed the title Add hint for Elastic APM Java agent CPE mapping fix: add hint for Elastic APM Java agent CPE mapping Dec 28, 2025
@Umesh042005
Contributor Author

@chadlwilson Sir, I tested the behavior before and after refining the hint.

Before the hint, the Elastic APM Java agent was resolved only as the generic
apm_agent. After the hint, apm_java_agent is now correctly identified.
I’ve attached screenshots showing the before/after
results and the hint itself.
[Three screenshots attached: the before and after scan results, and the hint itself]
Since this involved a small change in the hint, I’ll open a new PR with the
updated implementation.
Please let me know if this looks good and if I should proceed with the PR.

@Umesh042005 Umesh042005 reopened this Dec 28, 2025
@Umesh042005
Contributor Author

@chadlwilson I tested the behavior before and after refining the hint. Can you please check the screenshots? It will help me clarify my point of view.

@chadlwilson
Collaborator

@Umesh042005 thanks Umesh, I'll take a look soon 👍

@chadlwilson
Collaborator

chadlwilson left a review comment

LGTM (this was a quick one, don't know why I was procrastinating!)

@Umesh042005
Contributor Author

Hi @chadlwilson, I have applied the suggested tweak for consistency. Could you please approve the workflows to run the final checks? Thanks

@chadlwilson
Collaborator

chadlwilson commented Jan 3, 2026

I’m just a contributor & issue trigger - I don’t have maintenance permissions.

@jeremylong
Collaborator

sorry for the delay - I've been extremely busy. I'll try to get a few of the PRs (like this one) merged in the next week and create a new release.

@chadlwilson
Collaborator

@Umesh042005 the failing test is not due to your change. If you rebase on current master, or merge from master it should be fixed.

@Umesh042005
Contributor Author

Hi @chadlwilson, @jeremylong, I have merged the latest changes from the master branch as suggested. The previous build failure is now resolved. Could you please approve the workflows to run the final checks? Thank you!

@jeremylong jeremylong added this to the 12.2.0 milestone Jan 5, 2026
@jeremylong jeremylong merged commit 4f05c69 into dependency-check:main Jan 5, 2026
9 checks passed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 5, 2026