Document DS_PIP_DEPENDENCY_PATH option for Dependency Scanning and add to vendored template

Problem to solve

To address gitlab-org/security-products/analyzers/gemnasium-python!11 (merged) we've added an option to specify a path to the installed python pip dependencies.

We should document this new option and allow to use this variable from the Dependency Scanning vendored template.

Intended users

Persona: Software developer

Proposal

rename the PIP_DEPENDENCY_PATH environment variable in gemnasium-python into DS_PIP_DEPENDENCY_PATH. Keep the old PIP_DEPENDENCY_PATH value as an alias for backward compatibility. (gitlab-org/security-products/analyzers/gemnasium-python!24 (merged))
add the DS_PIP_DEPENDENCY_PATH variable to the vendored template (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30762)
document DS_PIP_DEPENDENCY_PATH in the Available variables section (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30762)

Testing

update the python-pip test project to use DS_PIP_DEPENDENCY_PATH, and make sure it really uses it - that's not the case right now and the integration test is misleading (gitlab-org/security-products/analyzers/gemnasium-python!24 (comment 193912902))

What does success look like, and how can we measure that?

DS_PIP_DEPENDENCY_PATH option is properly documented.

What is the type of buyer?

GitLab Ultimate

Links / references

Edited Jul 19, 2019 by xlg