Standardize Security Analyzers Logging
Problem to solve
There is a lack of control over logging and a lack of convention for our Security Analyzers.
gitlab-org/security-products/analyzers/common!73 (merged) has an example of how to use the common logrus format.
SECURE_LOG_LEVEL in GitLab docs.
Update https://docs.gitlab.com/ee/development/integrations/secure.html to mention how to use logrus / common logrus format.
Add support for the SECURE_LOG_LEVEL env var in common.
(Static Analysis) replace fmt print and log calls with the appropriate logrus calls in:
(Dependency Scanning) replace fmt print and log calls with the appropriate logrus calls in:
Update klar to use the common logutil for setting the formatter
What does success look like, and how can we measure that?
- All output is configurable via logrus
- fmt is no longer used to output messages
- There is a convention documented for the developer of Security Products and it's executed for any new Security Product project created
What is the type of buyer?
- GitLab Ultimate users
- users of the Security Products in their standalone form (as Docker images)
Links / references
Started as a side-talk within #9592 (closed)