npm JavaScript air-gapped (offline) License Compliance
Problem to solve
Intended users
Further details
Proposal
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Implementation Plan
- Set up a custom npm registry in the Offline test environment.
- Exclude devDependencies from scan results. https://gitlab.com/gitlab-org/security-products/license-management/-/merge_requests/141
- Add integration test(s) to fetch dependencies from a custom npm registry. https://gitlab.com/gitlab-org/security-products/license-management/-/merge_requests/145
- Add integration test(s) to verify that dependencies can be installed from a custom npm registry served with a custom self-signed TLS certificate that is not in the default root certificate authority trust store. https://gitlab.com/gitlab-org/security-products/license-management/-/merge_requests/145
- Add documentation to describe any special setup or configuration required for fetching dependencies from a custom npm registry. Example !31258 (merged)
- Add documentation to describe any setup required for working in an offline environment. Example !31258 (merged)
- Add example project to templates https://gitlab-airgap-test.us-west1-b.c.group-secure-a89fe7.internal/templates/js-npm
Links / references
Edited by mo khan