Promote usage of Common library to integrate Security scanners
Problem to solve
So far, the integration of third-party scanners has focused on documenting how to create a CI job that produces the expected JSON report: https://docs.gitlab.com/ee/development/integrations/secure
That documentation covers only part of the integration layer: it describes the output format, but not how an integrator should build a scanner wrapper that behaves like the GitLab analyzers (argument handling, report generation, exit codes, and so on).
Intended users
Third party integrators
Further details
Proposal
We could promote the usage of the common library, so that third-party integrators can use it as a framework and integrate with GitLab more easily instead of re-implementing the report-generation logic themselves.
This requires multiple things:
- make sure the library is correctly re-organized first (#211819 (closed) and #207375 (closed))
- make sure the license allows this (common is currently under the EE license)
- make sure the benefits are worth the effort
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
This will impact:
- group::composition analysis - @NicoleSchwartz - @gonzoyumo
- group::dynamic analysis - @derekferguson - @sethgitlab
- group::static analysis - @tmccaslin - @twoodham
Links / references
Edited by Olivier Gonzalez