Replace dependency_scanning job definition with a vendored template
Problem to solve
Job definition for dependency scanning is frozen, and can't be easily updated without creating breaking changes.
With gitlab-ce#53445 (closed), we'll be able to ship a template embedded with each version of GitLab. The template can be updated from one version to another, without impacting our users.
What does success look like, and how can we measure that?
The new official job definition is a single inclusion instruction:
include: template: Dependency-Scanning.gitlab-ci.yml
Links / references
Dependency-Scanning.gitlab-ci.ymlwith the contents from the example to the templates dir under
[ ] Update the CI template inclusion logic to search for files in
ee/lib/gitlab/ci/templates/in GitLab EE
- Add check for EE-licensed feature to the job definition
exceptsection with variable to disable the job
- Test in the development environment on a test project
- Update the Documentation for the Dependency Scanning CI configuration