Test Offline Composition Analysis
In order to verify we are confident in our MVC offline work we need to test it.
This is MVC only; we should make a note of what we should do post-MVC HERE to improve test coverage and, under the guidance of Quality, create scripts/resources/whatever in order to have that implemented as part of their test environment for offline.
The following should be completed (and not by the dev who did them):
@xlgmokha
Container Scanning --
review demo script: does it make sense / is it OK?
Follow step 2 in demo script to set up a test project from the template
Follow step 3 in demo script
Immediately record any ~bug found with a ~P1 issue.
review user documentation, any edits/improvements (also be aware of effort to make consistent HERE)
@brytannia
License Compliance - Maven --
test step 5 in demo script in GCP environment. Record and ~p1 any ~bug found.
@brytannia
License Compliance - Pip --
test step 6 in demo script in GCP environment. Record and ~p1 any ~bug found.
@brytannia
License Compliance - Pipenv --
test step 6 in demo script in GCP environment. Record and ~p1 any ~bug found.
@xlgmokha
License Compliance - Documentation --
add a link from https://docs.gitlab.com/ee/user/application_security/offline_deployments/index.html#specific-scanner-instructions !29195 (merged)
add maven specific documentation !29195 (merged)
add python specific documentation !28834 (merged)
review user documentation, any edits/improvements (also be aware of effort to make consistent HERE)
@ifrenkel
Dependency Scanning - Java (Maven) --
test step 5.a-d in demo script in GCP environment. Copy in any project and create any repository needed to accomplish this. Immediately record and ~p1 any ~bug found. Document what project was copied in, as well as steps for any repo created, and share with quality issue HERE
bug: #213146 (closed)
@ifrenkel
Dependency Scanning - Java (Gradle) --
test step 6.a-d in demo script in GCP environment. Copy in any project and create any repository needed to accomplish this. Immediately record and ~p1 any ~bug found. Document what project was copied in, as well as steps for any repo created, and share with quality issue HERE
bug: #213713 (closed)
@gonzoyumo
Dependency Scanning JavaScript (npm) --
test step 7.a-d in demo script in GCP environment. Copy in any project and create any repository needed to accomplish this. Immediately record and ~p1 any ~bug found. Document what project was copied in, as well as steps for any repo created, and share with quality issue HERE
@gonzoyumo
Dependency Scanning JavaScript (yarn) --
test step 8.a-d in demo script in GCP environment. Copy in any project and create any repository needed to accomplish this. Immediately record and ~p1 any ~bug found. Document what project was copied in, as well as steps for any repo created, and share with quality issue HERE
@ifrenkel
Dependency Scanning PHP (composer) --
test step 9.a-d in demo script in GCP environment. Copy in any project and create any repository needed to accomplish this. Immediately record and ~p1 any ~bug found. Document what project was copied in, as well as steps for any repo created, and share with quality issue HERE
@ifrenkel
Dependency Scanning Python (pip) --
test step 10.a-d in demo script in GCP environment. Copy in any project and create any repository needed to accomplish this. Immediately record and ~p1 any ~bug found. Document what project was copied in, as well as steps for any repo created, and share with quality issue HERE
@ifrenkel
Dependency Scanning Python (pipenv) --
test step 11.a-d in demo script in GCP environment. Copy in any project and create any repository needed to accomplish this. Immediately record and ~p1 any ~bug found. Document what project was copied in, as well as steps for any repo created, and share with quality issue HERE
@ifrenkel
Dependency Scanning Python (setuptools) --
test step 12.a-d in demo script in GCP environment. Copy in any project and create any repository needed to accomplish this. Immediately record and ~p1 any ~bug found. Document what project was copied in, as well as steps for any repo created, and share with quality issue HERE
bug: #213878 (comment 323750883)
@ifrenkel
Dependency Scanning Ruby (gem) --
test step 13.a-d in demo script in GCP environment. Copy in any project and create any repository needed to accomplish this. Immediately record and ~p1 any ~bug found. Document what project was copied in, as well as steps for any repo created, and share with quality issue HERE
@ifrenkel
Dependency Scanning Scala (sbt) --
test step 14.a-d in demo script in GCP environment. Copy in any project and create any repository needed to accomplish this. Immediately record and ~p1 any ~bug found. Document what project was copied in, as well as steps for any repo created, and share with quality issue HERE
bug: #214260 (closed)
@ifrenkel
Dependency Scanning Go (Go Modules) --
test step 15.a-d in demo script in GCP environment. Copy in any project and create any repository needed to accomplish this. Immediately record and ~p1 any ~bug found. Document what project was copied in, as well as steps for any repo created, and share with quality issue HERE
Dependency Scanning - Documentation --
review demo script: does it make sense / is it OK?
review user documentation, any edits/improvements (also be aware of effort to make consistent HERE)
Edited by Nicole Schwartz