Engineering Research: Have a plan for Splitting analyze and build phases in Security Products analyzers
Problem to solve
This is a placeholder issue to keep making progress on splitting the analyze and build phases in Security Products analyzers: the PoC is complete, but no follow-up issue has been planned yet.
Proposal
Explore and answer these questions:
- What's in scope, exactly? What can users expect once it's been implemented?
- What are the analyzers impacted by this change?
- What is the migration path? Is this going to be backward compatible? What is the granularity? Can we migrate one analyzer at a time?
- What Linux distributions are we going to support in the first iteration, and later?
- How long does it take to migrate an analyzer project? When do we expect the migration to be more expensive than average?
- How are we going to test this? What are we going to test, and thus support? See QA.
- What should be deprecated? Should we deprecate Java pre-compilation (SAST)?
- How do we migrate an analyzer project and its QA?
- How do we document the change?
TODO
- Make a PoC that demonstrates how the distro packages can be released automatically
- Suggest epics and issues for the initial MVC, and for later improvements
- Write instructions developers will follow when migrating an analyzer project
Is this a cross-stage feature?
Yes. This applies to all Security scanners of the devopssecure stage.
Links / references