Sign in or sign up before continuing. Don't have an account yet? Register now to get started.

Support custom PyPI registries in Dependency Scanning

Problem to solve

Allow custom PyPI registries to be used in Dependency Scanning by supporting PIP_INDEX_URL and PIP_EXTRA_INDEX_URL environment variables.

Intended users

Proposal

Add PIP_INDEX_URL and PIP_EXTRA_INDEX_URL to our vendored template to pass them down to the analyzers. See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30704
[-] ~~leverage these variables in the gemnasium-python analyzer~~ These variables should be automatically leveraged by pip command, no need for any addition in the analyzer's code.

Documentation

add these variables to dependency scanning documentation. We probably need to specify that only the gemnasium-python analyzer is supporting this option. See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30704

Testing

~~find relevant test projects and make sure pipelines pass.~~ Test manually by forcing these variables to wrong values, see https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30704

What does success look like, and how can we measure that?

Customers can leverage custom PyPI registries.

What is the type of buyer?

GitLab Ultimate

Links / references

Edited Jul 18, 2019 by Fabien Catteau