Document DS_PIP_DEPENDENCY_PATH option for Dependency Scanning and add to vendored template
Problem to solve
To address gitlab-org/security-products/analyzers/gemnasium-python!11 (merged), we've added an option to specify a path to the installed Python pip dependencies.
We should document this new option and allow this variable to be used from the Dependency Scanning vendored template.
Intended users
Proposal
- rename the PIP_DEPENDENCY_PATH environment variable in gemnasium-python into DS_PIP_DEPENDENCY_PATH. Keep the old PIP_DEPENDENCY_PATH value as an alias for backward compatibility. (gitlab-org/security-products/analyzers/gemnasium-python!24 (merged))
- add the DS_PIP_DEPENDENCY_PATH variable to the vendored template (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30762)
- document DS_PIP_DEPENDENCY_PATH in the Available variables section (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30762)
Testing
- update the python-pip test project to use DS_PIP_DEPENDENCY_PATH, and make sure it really uses it - that's not the case right now and the integration test is misleading (gitlab-org/security-products/analyzers/gemnasium-python!24 (comment 193912902))
What does success look like, and how can we measure that?
DS_PIP_DEPENDENCY_PATH option is properly documented.
What is the type of buyer?
Links / references
Edited by mo khan