Document DS_PIP_DEPENDENCY_PATH option for Dependency Scanning and add to vendored template
Problem to solve
To address gitlab-org/security-products/analyzers/gemnasium-python!11 (merged) we've added an option to specify a path to the installed Python pip dependencies.
We should document this new option and allow this variable to be used from the Dependency Scanning vendored template.
Intended users
Proposal
- rename the PIP_DEPENDENCY_PATH environment variable in gemnasium-python into DS_PIP_DEPENDENCY_PATH. Keep the old PIP_DEPENDENCY_PATH value as an alias for backward compatibility. (gitlab-org/security-products/analyzers/gemnasium-python!24 (merged))
- add the DS_PIP_DEPENDENCY_PATH variable to the vendored template (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30762)
- document DS_PIP_DEPENDENCY_PATH in the Available variables section (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30762)
Testing
- update the python-pip test project to use DS_PIP_DEPENDENCY_PATH, and make sure it really uses it - that's not the case right now and the integration test is misleading (gitlab-org/security-products/analyzers/gemnasium-python!24 (comment 193912902))
What does success look like, and how can we measure that?
DS_PIP_DEPENDENCY_PATH option is properly documented.