Support custom PyPI registries in Dependency Scanning
Problem to solve
Allow custom PyPI registries to be used in Dependency Scanning by supporting
PIP_EXTRA_INDEX_URL environment variables.
PIP_EXTRA_INDEX_URL to our vendored template to pass them down to the analyzers. See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30704
leverage these variables in the gemnasium-python analyzer
These variables should be automatically leveraged by pip command, no need for any addition in the analyzer's code.
add these variables to dependency scanning documentation. We probably need to specify that only the gemnasium-python analyzer is supporting this option. See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30704
find relevant test projects and make sure pipelines pass.
Test manually by forcing these variables to wrong values, see https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30704
What does success look like, and how can we measure that?
Customers can leverage custom PyPI registries.
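
One way a template can pass these variables down to an analyzer container, as an added example that is not GitLab's template code. It assumes the analyzer is started with `docker run`; `forward_env_args`, `analyzer_command`, the image name and the sample URL are hypothetical, and `PIP_INDEX_URL` is pip's companion variable, not one named on this page.

```shell
#!/bin/sh
# Added example (not GitLab's template): forward an allowlist of pip variables
# to an analyzer container by NAME only. `docker run --env NAME` copies the
# value from the caller's exported environment, so a registry URL carrying
# credentials never appears in the command line or the job log.

# Hypothetical placeholder image, not a real analyzer image.
ANALYZER_IMAGE='example.invalid/analyzer:latest'

# Print "--env NAME " for each listed variable that is set and non-empty.
forward_env_args() {
  for name in "$@"; do
    # Accept only plain variable names before handing them to eval.
    case "$name" in
      ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
    esac
    eval "value=\${$name:-}"
    if [ -n "$value" ]; then
      printf '%s %s ' '--env' "$name"
    fi
  done
}

# Build the command the job would run. The variables must be exported in the
# job environment (CI variables are) for docker to pick up their values.
analyzer_command() {
  printf 'docker run --rm %s%s\n' \
    "$(forward_env_args PIP_INDEX_URL PIP_EXTRA_INDEX_URL)" \
    "$ANALYZER_IMAGE"
}

# Demo with a constructed value, run in a subshell so nothing leaks out.
(
  export PIP_EXTRA_INDEX_URL='https://user:TOKEN@pypi.example.invalid/simple'
  unset PIP_INDEX_URL
  analyzer_command
)
```

The forwarding step never inspects the value, so when the variable is forced to a wrong value for the manual test, the failure surfaces in pip inside the analyzer rather than in the template.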