Drop support of Docker in Docker (DinD) mode for SAST and Dependency Scanning

Problem to solve

We've already deprecated the DinD mode and switched to non-DinD by default. We now need to officially drop support for this mode. Also, we should stop testing the DinD mode to simply QA for SAST and Dependency Scanning.

Intended users

• Delaney (Development Team Lead)
• Sasha (Software Developer)
• Devon (DevOps Engineer)

User experience goal

The user should no longer be able to enable Docker in Docker mode for SAST and Dependency Scanning features.

Proposal

• drop related code in relevant places (common, analyzers, etc.)
• remove mention of Dind mode in the documentation see documentation

Implementation Plan

• Update CI configuration templates !41260 (merged)
  • Remove DinD configuration from Dependency-Scanning.gitlab-ci.yml
  • Remove DinD configuration from SAST.gitlab-ci.yml
• Update CI templates used for QA
  • Remove QA for Dependency Scanning in DinD mode gitlab-org/security-products/ci-templates!147 (merged)
  • Remove QA for SAST in DinD mode gitlab-org/security-products/ci-templates!148 (merged)
• Update docs
  • Remove configuring docker orchestrator for DS !40631 (merged)
  • Remove mentions about DS_DISABLE_DIND from docs !40631 (merged)
  • Remove configuring docker orchestrator for SAST !40991 (merged)
  • Remove mentions about SAST_DISABLE_DIND from docs !40991 (merged)

Not covered by this issue:

• Update test projects: covered by #250333 (closed)
  • Merge the no_dind-FREEZE branches into master
  • Rebase *-FREEZE branches
  • Rename no_dind-* branches, if any
  • Remove SAST_DISABLE_DIND from the analyzer template (example)
• Remove orchestrator package from common analyzer: covered by #225875 (closed)

Further details

Permissions and Security

No change.

Documentation

• remove SAST DinD documentation, related env variables and any other related section.
• remove Dependency Scanning DinD documentation, related env variables and any other related section.

See implementation plan

Availability & Testing

DinD for SAST and Dependency Scanning are no longer tested. The test projects are used to test the no-DinD setup where each analyzer runs in its own CI job. In particular, the master branch of all test projects is used to check the default no-DinD setup.

What does success look like, and how can we measure that?

SAST and Dependency Scanning no longer support DinD mode.

What is the type of buyer?

GitLab Ultimate

Is this a cross-stage feature?

This impacts:

• groupcomposition analysis
• groupstatic analysis

Links / references

Release post for planned removal: gitlab-com/www-gitlab-com!52499 (diffs)