Remove orchestrator package from common analyzer
Problem to solve
We've already deprecated the DinD mode and switched to non-DinD by default. Orchestrator layer should be removed after we remove DS_DISABLE_DIND
, SAST_DISABLE_DIND
variables from templates
Intended users
User experience goal
Orchestrator layer should no longer used by Common library.
Proposal
- Remove orchestrator from common library
Implementation Plan
- Update common library
-
Remove orchestrator package from common analyzer
-
- Update READMEs
-
Add deprecation note to https://gitlab.com/gitlab-org/security-products/dependency-scanning/ -
Add deprecation note to https://gitlab.com/gitlab-org/security-products/sast/
-
Further details
Permissions and Security
No change.
Documentation
- remove SAST DinD documentation, related env variables and any other related section.
- remove Dependency Scanning DinD documentation, related env variables and any other related section.
Availability & Testing
DinD for SAST and Dependency Scanning are no longer tested. The test projects are used to test the no-DinD setup where each analyzer runs in its own CI job. In particular, the master
branch of all test projects is used to check the default no-DinD setup.
What does success look like, and how can we measure that?
SAST and Dependency Scanning no longer support DinD mode.
What is the type of buyer?
Is this a cross-stage feature?
This impacts:
Links / references
Release post for planned removal: gitlab-com/www-gitlab-com!52499 (diffs)
Edited by Fabien Catteau