Dependency Scanning support for Swift
Problem to solve
Add support for the Swift language in Dependency Scanning.
Intended users
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Sidney (Systems Administrator)
- Sam (Security Analyst)
Further details
Swift is becoming the de facto standard for iOS development (it is the only official choice alongside Objective-C, and the younger of the two). It also features a package manager.
Proposal
We don't have an official source for Swift packages (called "modules"). NVD probably has some entries, but we need to investigate this to confirm. Apple has a page of security updates, but it covers the compiler itself, not the dependencies, and even less so open-source, community packages.
Permissions and Security
N/A
Documentation
Update https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html and our Security Deck
Availability & Testing
TODO
What does success look like, and how can we measure that?
- Users with Swift projects get dependency scanning results