Remove orchestrator package from common analyzer

Problem to solve

We've already deprecated the DinD mode and switched to non-DinD by default. Orchestrator layer should be removed after we remove DS_DISABLE_DIND, SAST_DISABLE_DIND variables from templates

Intended users

• Delaney (Development Team Lead)
• Sasha (Software Developer)
• Devon (DevOps Engineer)

User experience goal

Orchestrator layer should no longer used by Common library.

Proposal

• Remove orchestrator from common library

Implementation Plan

• Update common library
  • Remove orchestrator package from common analyzer
• Update READMEs
  • Add deprecation note to https://gitlab.com/gitlab-org/security-products/dependency-scanning/
  • Add deprecation note to https://gitlab.com/gitlab-org/security-products/sast/

Further details

Permissions and Security

No change.

Documentation

• remove SAST DinD documentation, related env variables and any other related section.
• remove Dependency Scanning DinD documentation, related env variables and any other related section.

See implementation plan

Availability & Testing

DinD for SAST and Dependency Scanning are no longer tested. The test projects are used to test the no-DinD setup where each analyzer runs in its own CI job. In particular, the master branch of all test projects is used to check the default no-DinD setup.

What does success look like, and how can we measure that?

SAST and Dependency Scanning no longer support DinD mode.

What is the type of buyer?

GitLab Ultimate

Is this a cross-stage feature?

This impacts:

• groupcomposition analysis
• groupstatic analysis

Links / references

Release post for planned removal: gitlab-com/www-gitlab-com!52499 (diffs)