Skip to content
GitLab Next
  • Menu
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • GitLab GitLab
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 44,058
    • Issues 44,058
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 1,310
    • Merge requests 1,310
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • GitLab.orgGitLab.org
  • GitLabGitLab
  • Issues
  • #12811
Closed
Open
Issue created Jul 12, 2019 by Olivier Gonzalez@gonzoyumo🙂Developer4 of 5 checklist items completed4/5 checklist items

Allow pip version to be configured in Dependency Scanning

Problem to solve

Allow installing a custom version of pip registries to fulfill specific needs.

Intended users

  • Persona: DevOps Engineer
  • Persona: Software developer

Proposal

  • Add a DS_PIP_VERSION to our vendored template to pass them down to the analyzers.
  • leverage this variables in the gemnasium-python analyzer to install a custom version of pip

Permissions and Security

Documentation

  • add this variable to dependency scanning documentation](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#available-variables). We probably need to specify that only the gemnasium-python analyzer is supporting this option.

Testing

  • find relevant test projects and make sure pipelines pass

What does success look like, and how can we measure that?

Customers can use a specific version of pip.

What is the type of buyer?

GitLab Ultimate

Links / references

Product

  • Release Notes
Edited Jan 09, 2020 by Nicole Schwartz
Assignee
Assign to
Time tracking