Allow pip version to be configured in Dependency Scanning
Problem to solve
Allow installing a custom version of pip registries to fulfill specific needs.
Intended users
Proposal
-
Add a
DS_PIP_VERSIONto our vendored template to pass them down to the analyzers. - leverage this variables in the gemnasium-python analyzer to install a custom version of pip
Permissions and Security
Documentation
-
add this variable to dependency scanning documentation](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#available-variables). We probably need to specify that only the
gemnasium-pythonanalyzer is supporting this option.
Testing
- find relevant test projects and make sure pipelines pass
What does success look like, and how can we measure that?
Customers can use a specific version of pip.