I worked with such a company policy historically. The deal we made was that you can use Maven and a enterprise Maven repo (Sonatype for example), and then just add authorized libs in there.
The use maven as a normal dependency manager. If you can't access to a lib when you run
mvn install, then you can decide what you need to do:
- remove the lib you don't want to use
- add authorization to add this lib to your company policy
Another way for doing that (and we went to that path) is to allow everything from the company repository but people in charge of the policy can run audits on the repository and see what libs are used and if they are compatible with the policy. Which means as well that every project which uses Maven need to publish their project on the company repository so you can link all that together.
In short, maven/gradle is not the problem here.
Coming back to your problem, just create a minimalistic maven project at home, then add the transport lib as explained in our docs and launch
mvn dependency:tree. You'll get the list of the dependencies you manually need to add.