Security products not working behind a proxy
Summary
Right now, SAST and Dependency Scanning (DS) don't work behind a proxy. This is because the HTTP proxy configuration is not properly propagated to SAST and DS.
Steps to reproduce
- Install GitLab behind a proxy
- Create a project and enable Auto DevOps
- Run a pipeline
SAST & DS jobs will fail.
What is the current bug behavior?
SAST & DS jobs fail because they're unable to download the Docker images or binaries they need. The GitLab Runners can't resolve the names of the hosts serving these images and binaries.
What is the expected correct behavior?
SAST & DS jobs should use the HTTP proxy configuration when downloading resources.
Possible fixes
- The SAST rewrite described in https://gitlab.com/gitlab-org/gitlab-ee/issues/5232 gives us a good opportunity to fix this issue.
Edited by Philippe Lafoucrière