Document detection logic changes in SAST and DS when switching to no-DinD mode
Problem to solve
Removing the DinD requirement for Security features comes with some discrepancies in the detection logic, which were highlighted in #37453 (closed).
As we agreed to accept them, we now need to document them.
Further details
Proposal
- Update the SAST and DS documentation to make explicit the detection logic discrepancies between DinD and non-DinD mode. We should probably point at the linguist gem definitions instead of duplicating the table in our doc, as we're likely to get out of sync. !28444 (merged)
- Clearly state in the doc that when introducing files or dependencies for a new language/package manager, the corresponding scans won't be triggered in the MR, and will only run on the default_branch once the MR is merged. !29016 (merged)

Ultimately this is going to be addressed either by calculating CI_REPOSITORY_LANGUAGES for all branches or by using rules:exists after switching to the rules syntax in SAST and in Dependency Scanning.
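As an added illustration of the rules:exists approach mentioned above (example configuration written for this page, not taken from the GitLab SAST or Dependency Scanning templates): the job below decides whether to run by checking for Go sources in the ref being built, so an MR that introduces the first .go files triggers the scan in that MR's pipeline rather than only on the default branch after merge. The job name, analyzer image and script are assumptions.

```yaml
# Added example, not part of the issue or of GitLab's own templates.
# The job runs only when the checked-out ref contains Go source files.
# Because rules:exists is evaluated per pipeline against the branch being
# built, a merge request that adds the first Go files gets the scan
# immediately, which is the gap the issue describes for the
# CI_REPOSITORY_LANGUAGES-based detection.
gosec-sast:
  stage: test
  # Assumed analyzer image reference; replace with the one documented for your GitLab version.
  image: registry.gitlab.com/gitlab-org/security-products/analyzers/gosec:latest
  script:
    - /analyzer run   # assumed analyzer entrypoint
  artifacts:
    reports:
      sast: gl-sast-report.json
  rules:
    - exists:
        - '**/*.go'
```

The trade-off a reviewer should keep in mind: `exists` patterns are matched against the repository tree at pipeline creation, so a language added in the same MR is detected, but the glob list has to be maintained per analyzer, whereas the language-variable approach reuses linguist's classification and only suffers from the default-branch lag described above.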
Who can address the issue
groupcomposition analysis team members or @ngaskill
Other links/references
Edited by Fabien Catteau