feat: Add support for gems.locked (#1987)

This PR adds support for `gems.locked`.

---------

Co-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>

Author: AlexLaroche

cmd/osv-scanner/scan/source/__snapshots__/command_test.snap

@@ -3340,6 +3340,23 @@ Scanned <rootdir>/fixtures/locks-scalibr/depsjson file as a deps.json and found
 
 ---
 
+[TestCommand_MoreLockfiles/gems.locked - 1]
+Scanned <rootdir>/fixtures/locks-scalibr/gems.locked file and found 25 packages
++-------------------------------------+------+-----------+----------+---------+------------------------------------+
+| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE  | VERSION | SOURCE                             |
++-------------------------------------+------+-----------+----------+---------+------------------------------------+
+| https://osv.dev/GHSA-9m3q-rhmv-5q44 | 7.5  | RubyGems  | json     | 2.10.1  | fixtures/locks-scalibr/gems.locked |
+| https://osv.dev/GHSA-5w6v-399v-w3cc |      | RubyGems  | nokogiri | 1.18.2  | fixtures/locks-scalibr/gems.locked |
+| https://osv.dev/GHSA-mrxw-mxhj-p664 | 7.8  | RubyGems  | nokogiri | 1.18.2  | fixtures/locks-scalibr/gems.locked |
+| https://osv.dev/GHSA-vvfq-8hwr-qm4m |      | RubyGems  | nokogiri | 1.18.2  | fixtures/locks-scalibr/gems.locked |
++-------------------------------------+------+-----------+----------+---------+------------------------------------+
+
+---
+
+[TestCommand_MoreLockfiles/gems.locked - 2]
+
+---
+
 [TestCommand_MoreLockfiles/packages.config - 1]
 Scanned <rootdir>/fixtures/locks-scalibr/packages.config file and found 2 packages
 No issues found

cmd/osv-scanner/scan/source/command_test.go

@@ -925,6 +925,11 @@ func TestCommand_MoreLockfiles(t *testing.T) {
 			Args: []string{"", "source", "-L", "./fixtures/locks-scalibr/packages.lock.json"},
 			Exit: 0,
 		},
+		{
+			Name: "gems.locked",
+			Args: []string{"", "source", "-L", "./fixtures/locks-scalibr/gems.locked"},
+			Exit: 1,
+		},
 		/*
 			{
 				name: "Package.resolved",

cmd/osv-scanner/scan/source/fixtures/locks-scalibr/gems.locked

@@ -0,0 +1,76 @@
+PATH
+  remote: ..
+  specs:
+    rubydns (2.0.2)
+      async-dns (~> 1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    async (2.23.0)
+      console (~> 1.29)
+      fiber-annotation
+      io-event (~> 1.9)
+      metrics (~> 0.12)
+      traces (~> 0.15)
+    async-dns (1.4.1)
+      async
+      io-endpoint
+    async-http (0.87.0)
+      async (>= 2.10.2)
+      async-pool (~> 0.9)
+      io-endpoint (~> 0.14)
+      io-stream (~> 0.6)
+      metrics (~> 0.12)
+      protocol-http (~> 0.49)
+      protocol-http1 (~> 0.30)
+      protocol-http2 (~> 0.22)
+      traces (~> 0.10)
+    async-pool (0.10.3)
+      async (>= 1.25)
+    console (1.29.2)
+      fiber-annotation
+      fiber-local (~> 1.1)
+      json
+    fiber-annotation (0.2.0)
+    fiber-local (1.1.0)
+      fiber-storage
+    fiber-storage (1.0.0)
+    geoip (1.6.4)
+    io-endpoint (0.15.1)
+    io-event (1.9.0)
+    io-stream (0.6.1)
+    json (2.10.1)
+    metrics (0.12.1)
+    nokogiri (1.18.2-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.18.2-x86_64-linux-gnu)
+      racc (~> 1.4)
+    process-daemon (1.0.1)
+      rainbow (~> 2.0)
+    protocol-hpack (1.5.1)
+    protocol-http (0.49.0)
+    protocol-http1 (0.30.0)
+      protocol-http (~> 0.22)
+    protocol-http2 (0.22.1)
+      protocol-hpack (~> 1.4)
+      protocol-http (~> 0.47)
+    racc (1.8.1)
+    rainbow (2.2.2)
+      rake
+    rake (13.2.1)
+    traces (0.15.2)
+
+PLATFORMS
+  arm64-darwin-21
+  x86_64-linux
+
+DEPENDENCIES
+  async-http
+  geoip
+  nokogiri
+  process-daemon
+  rubydns!
+
+BUNDLED WITH
+   2.6.2

docs/supported_languages_and_lockfiles.md

@@ -57,7 +57,7 @@ When scanning source code (`osv-scanner scan source ...`), OSV-Scanner automatic
 | PHP        | `composer.lock`                                                                                                                            |
 | Python     | `Pipfile.lock`<br>`poetry.lock`<br>`requirements.txt`[\*](https://github.com/google/osv-scanner/issues/34)<br>`pdm.lock`<br>`uv.lock`      |
 | R          | `renv.lock`                                                                                                                                |
-| Ruby       | `Gemfile.lock`                                                                                                                             |
+| Ruby       | `Gemfile.lock`<br>`gems.locked`                                                                                                            |
 | Rust       | `Cargo.lock`                                                                                                                               |
 
 ## C/C++ scanning

pkg/osvscanner/internal/scanners/lockfile.go

@@ -67,6 +67,7 @@ var lockfileExtractorMapping = map[string][]string{
 	"go.mod":                      {gomod.Name},
 	"bun.lock":                    {bunlock.Name},
 	"Gemfile.lock":                {gemfilelock.Name},
+	"gems.locked":                 {gemfilelock.Name},
 	"cabal.project.freeze":        {cabal.Name},
 	"stack.yaml.lock":             {stacklock.Name},
 	// "Package.resolved":            {packageresolved.Name},