Follow-up from "Document all the available options for Dependency Scanning"
The following discussion from !29347 (merged) should be addressed:
- @fcatteau started a discussion: (+3 comments) @axil Actually this is not totally true. DS will perform early detection if the base name of the image matches one of the official analyzers. For instance, detection will be based on the Retire.js analyzer if the path of the custom image is `analyzers/retire.js:xyz`. @gonzoyumo @plafoucriere This could be considered as a bug. WDYT?
Here's the piece of code responsible for this: https://gitlab.com/gitlab-org/security-products/analyzers/common/blob/v2.4.1/orchestrator/orchestrator.go#L94