Technical Discovery: investigate child pipelines for security scans

Topic to Evaluate

We should investigate the feasibility of using dynamic child pipelines for our security scans.

Tasks to Evaluate

  • Determine feasibility of the feature
  • Create issue for implementation or update existing implementation issue description with implementation proposal
  • Set weight on implementation issue
  • If weight is greater than 5, break issue into smaller issues
  • Add task
  • Add task

Risks and Implementation Considerations

Child pipelines are still a relatively new feature and may have numerous bugs, as outlined by outstanding bugs associated

Pros

  • Programmatic generation of available jobs - gives more flexibility in language or framework detection, pre- and post-processing steps, etc.
  • Isolates security jobs into a single pipeline to prevent overly complex pipeline configurations for multilanguage/framework projects

Cons

Edited by Lucas Charles
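
The programmatic job generation listed under Pros, sketched as an added example (not code from this issue or from GitLab): a generator script detects languages from the file list and writes a child pipeline containing only the matching scan jobs. The job names, analyzer images, commands and the `DETECTORS` mapping are hypothetical placeholders.

```python
"""Added example: generate a child pipeline holding only the relevant scan jobs.

Parent .gitlab-ci.yml (GitLab dynamic child pipeline syntax):
  generate-scans:
    script: python generate.py > security-child.yml
    artifacts: {paths: [security-child.yml]}
  security:
    trigger:
      include: [{artifact: security-child.yml, job: generate-scans}]
"""
from pathlib import PurePosixPath

# Hypothetical mapping of file suffix or file name to a scan job name.
DETECTORS = {
    ".py": "python-sast",
    ".go": "go-sast",
    "package-lock.json": "npm-dependency-scan",
    "Gemfile.lock": "bundler-dependency-scan",
}

def detect_jobs(paths):
    """Return the sorted scan jobs implied by the repository's file list."""
    found = set()
    for p in map(PurePosixPath, paths):
        found.update(DETECTORS[k] for k in (p.name, p.suffix) if k in DETECTORS)
    return sorted(found)

def render_child_pipeline(paths):
    """Render child pipeline YAML for the detected jobs."""
    jobs = detect_jobs(paths)
    if not jobs:
        # GitLab rejects a configuration with no jobs, so emit a no-op job.
        return 'no-scan:\n  script:\n    - echo "nothing to scan"\n'
    lines = []
    for name in jobs:
        lines += [
            f"{name}:",
            f"  image: registry.example.com/analyzers/{name}:1  # placeholder image",
            "  script:",
            "    - /analyzer run  # placeholder command",
            "  artifacts:",
            "    paths: [scan-report.json]",
        ]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed file list; a real generator would walk the checkout.
    print(render_child_pipeline(["app/main.py", "cmd/server.go", "package-lock.json"]))
```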