Reduce unnecessary dependency scanning alerting
The noise from this is not currently at a level where I’m concerned it may drown something else out. But we should keep an eye on it.
This week there were two notifications at a time that this failed, and we received notifications on three days.
Two things to consider
Only run dependency scanning on EE. To date, there is no instance of us including anything in CE that we don't also ship in EE. The opposite is not true though.
Only alert on issues which are not currently being handled. This is definitely related to https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5459. The current binary nature of pipeline failures as an alerting mechanism is not optimal for this though.