CI Lint error when Dependency Scanning template included but no test stage
Summary
When including the ~"Category:Dependency Scanning" template in a CI config that defines the pipeline stages
but don't have a test
stage, GitLab fails to create a pipeline, and reports a CI Lint error instead.
Workarounds:
- Add the
test
stage to thestages
defined in the CI config - Override the job definitions of the Dependency Scanning jobs, and for the
stage
to use one of thestages
defined in the CI config
This also affects Category:SAST, Category:Secret Detection, and Category:Container Scanning.
Steps to reproduce
Create a GitLab project with a CI configuration file that includes the Dependency Scanning template and forces the stages
so that test
is not listed.
stages:
- build
include:
- template: Dependency-Scanning.gitlab-ci.yml
Example Project
https://gitlab.com/gitlab-org/security-products/tests/ruby-bundler/-/pipelines/168533261
What is the current bug behavior?
CI Lint error for the pipeline.
What is the expected correct behavior?
The pipeline is created, and the Dependency Scanning jobs are executed.
Relevant logs and/or screenshots
Found errors in your .gitlab-ci.yml:
- dependency_scanning job: chosen stage does not exist; available > - stages are .prebuild
- .post You can also test your .gitlab-ci.yml in CI Lint
Possible fixes
There's no fix but the documentation could be improved. It should tell Dependency Scanning requires a test
stage by default, and explain how Dependency Scanning jobs can be overridden to use a different stage. Same applies to SAST, Secret Detection, and Container Scanning.