Document what's not supported in Dependency Scanning, link to issues

Problem to solve

When looking at the docs of Dependency Scanning users don't know what languages and package managers are likely to be supported in the near future. To figure that out, they have to search the GitLab EE project for issues, which is not convenient, time consuming, and not reliable. They may not be able to find the relevant issue and eventually ping the support team or create a duplicate, which results in a waste of time for both the user and the team maintaining Dependency Scanning.

Proposal

Add links to "Support XYZ in Dependency Scanning" to GitLab documentation.

• Create issues for the most frequently request languages and package managers.
• Add a table of what's not currently supported in Dependency Scanning, right after Supported languages and package managers, and add links to issues about supporting new technologies. Alternatively we could merge the two table into a single compatibility matrix.

Issues that already exist:

• Go support
• Pipenv support
• Poetry support
• Gradle support

This approach could be extended to ~sast and ~"license management".

Who can address the issue

Anyone.

/cc @NicoleSchwartz @tpresa @ccasella @axil @gonzoyumo

added Category:Dependency Scanning [DEPRECATED] docsimprovement documentation + 1 deleted label

@kencjohnston @twoodham This issue is specific to Dependency Scanning but we could do the same for SAST and update the documentation with links to issues about supporting new languages and frameworks.

Thanks for this @fcatteau , it's a really valuable improvement for our customers

Instead of creating another table, we can extend the existing one and add a column of "Supported".

assigned to @axil

changed milestone to %12.1

Here's an MVC https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30030.

@fcatteau should we promote this issue to an epic and add the relevant issues under it?

@axil I'd say yes, it's worth an epic, but this is not my call. @NicoleSchwartz @gonzoyumo WDYT?

You mean an epic to update other docs in a similar way?

I'd love an Epic and issues for the other scan types. @NicoleSchwartz could you create that and assign the SAST and DAST issues to the SDA group and me?

changed the description

added devopssecure groupcomposition analysis labels

changed milestone to %12.2

I'll unassign myself from this. The MVC is merged, I see only Poetry is missing. If anyone can do this for 12.1, that would be great.

Actually, @marcel.amirault @MattPennaThe3rd this is another easy one. Just add https://gitlab.com/gitlab-org/gitlab-ee/issues/7006 to the table https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#supported-languages-and-package-managers

unassigned @axil

added [deprecated] Accepting merge requests label

assigned to @MattPennaThe3rd

removed [deprecated] Accepting merge requests label

@fcatteau Axil added go, pipenv and poetry to the list, and when https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31228 is merged, gradle will be added to the list. Is that enough to close this issue?

@marcel.amirault Yes, we should close this issue once https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31228 is deployed on production.

assigned to @marcel.amirault and unassigned @MattPennaThe3rd

added Enterprise Edition label

removed 1 deleted label

added Category:Software Composition Analysis SCA:Dependency Scanning labels