Issue #12412

Document DS_PIP_DEPENDENCY_PATH option for Dependency Scanning and add to vendored template

Problem to solve

To address gitlab-org/security-products/analyzers/gemnasium-python!11 (merged), we've added an option to specify a path to the installed Python pip dependencies.

We should document this new option and allow this variable to be used from the Dependency Scanning vendored template.

Intended users

Persona: Software developer

Proposal

  • rename the PIP_DEPENDENCY_PATH environment variable in gemnasium-python to DS_PIP_DEPENDENCY_PATH. Keep the old PIP_DEPENDENCY_PATH value as an alias for backward compatibility. (gitlab-org/security-products/analyzers/gemnasium-python!24 (merged))
  • add the DS_PIP_DEPENDENCY_PATH variable to the vendored template (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30762)
  • document DS_PIP_DEPENDENCY_PATH in the Available variables section (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30762)

Testing

  • update the python-pip test project to use DS_PIP_DEPENDENCY_PATH, and make sure it really uses it - that's not the case right now and the integration test is misleading (gitlab-org/security-products/analyzers/gemnasium-python!24 (comment 193912902))

What does success look like, and how can we measure that?

DS_PIP_DEPENDENCY_PATH option is properly documented.

What is the type of buyer?

GitLab Ultimate

Links / references

Edited Jul 19, 2019 by mo khan
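
The rename-with-alias behaviour from the proposal, sketched as an added shell example (not gemnasium-python's own code). The function name, the warnings, the precedence of the new name over the alias, and the directory check are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not taken from gemnasium-python.
# resolve_pip_dependency_path is a hypothetical helper name.
#
# Prints the directory to load pip dependencies from.
# Assumed precedence: DS_PIP_DEPENDENCY_PATH first, then the legacy
# alias PIP_DEPENDENCY_PATH kept for backward compatibility.
# Exit status: 0 = path printed, 1 = neither variable set,
#              2 = the selected path is not a directory.
resolve_pip_dependency_path() {
    _new="${DS_PIP_DEPENDENCY_PATH:-}"
    _old="${PIP_DEPENDENCY_PATH:-}"

    if [ -n "$_new" ]; then
        # Surface conflicting settings instead of silently picking one,
        # so a job cannot appear to use a path it actually ignores.
        if [ -n "$_old" ] && [ "$_old" != "$_new" ]; then
            echo "warning: both variables set; using DS_PIP_DEPENDENCY_PATH" >&2
        fi
        _path="$_new"
    elif [ -n "$_old" ]; then
        echo "warning: PIP_DEPENDENCY_PATH is a legacy alias; use DS_PIP_DEPENDENCY_PATH" >&2
        _path="$_old"
    else
        return 1
    fi

    # Fail loudly on a wrong path rather than falling back to another source.
    if [ ! -d "$_path" ]; then
        echo "error: dependency path '$_path' is not a directory" >&2
        return 2
    fi
    printf '%s\n' "$_path"
}
```

A test project that sets only DS_PIP_DEPENDENCY_PATH and asserts on the resolved value covers the "make sure it really uses it" item under Testing.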