Skip to content

Migrate the security products to the vendored templates for security CI jobs

Problem to solve

Currently, the security products' CI config files refer to the templates from https://gitlab.com/gitlab-org/security-products/ci-templates/tree/master/includes. After the arrival of the vendored CI templates for security products, it creates a redundancy: the CI templates of identical content and purpose will be kept in multiple places.

Intended users

~Secure team developers

Proposal

While the ~Secure team cannot abandon this ci-templates repo because of the dev-includes stored there, it would be still beneficial to use the vendored GitLab CI templates for the same purpose:

  • reducing the number of places where the security job definitions are maintained (vendored templates and Auto DevOps template)
  • dogfooding: the same vendored templates will be used by GitLab users at the same time

What does success look like, and how can we measure that?

The ~Secure team updates only the vendored templates and Auto DevOps template during the release cycle of the security products.

Links / references

Vendored CI templates for security products (epic)

/cc @gl-secure