feat!: Migrate dependency scanning to V2 template (!1180) · Merge requests · GitLab.com / GitLab Infrastructure Team / common-ci-tasks

What

Migrates dependency scanning from the v1 template (using Gemnasium) to the v2 template (using the new DS analyzer).

Relates to Rollout new analyzer and v2 template to gitlab-... (gitlab-org/gitlab#554871 - closed)

Why

We are doing this because:

Gemnasium is deprecated
For dogfooding purposes
To make use of all the new dependency scanning features that are only available in the new DS analyzer

Testing

In order to test this change I created test-common-ci-tasks that contains a yarn.lock file and a simple .gitlab-ci.yml that imports common-ci-tasks. The pipeline that was triggered shows that dependency_scanning runs successfully.

Edited Oct 23, 2025 by Nick Ilieskou

feat!: Migrate dependency scanning to V2 template

What

Why

Testing

Merge request reports