Remove duplication from secure analyzer Dockerfiles
Problem to solve
The following analyzer projects have duplicated logic for:
- Updating the AnalyzerVersion
- Creating SSL directories and updating permissions
- gemnasium-python
- kubesec
- bundler-audit
- gemnasium
- retire.js
- eslint
- gemnasium-maven
- phpcs-security-audit
We should figure out how to remove this duplication, possibly by creating a shell script which is downloaded and executed by the Dockerfile during the build process.
The purpose of this issue is to:
- investigate the best way to remove this duplication, determining the pros/cons of each approach
- make the changes to the above analyzer projects
Intended users
User experience goal
Less duplicate code, easier maintenance, less chance for errors
Proposal
TODO
Further details
See here for related discussion
What does success look like, and how can we measure that?
Duplicate code is removed from the Dockerfile for the analyzers listed in the Problem to solve section.
What is the type of buyer?
GitLab Ultimate Enterprise Edition
Is this a cross-stage feature?
Yes, this affects both Category:Dependency Scanning and Category:SAST
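
The shared-script approach suggested under Problem to solve makes one downloaded file part of every listed analyzer image, so the build should run it only if it matches a digest committed in the Dockerfile. A sketch of that check, added here and not taken from the GitLab analyzer projects; the function names and the `analyzer-setup.sh` file name are hypothetical, and `sha256sum` from coreutils is assumed to be present in the build image.

```shell
#!/bin/sh
# Added example (not GitLab's code): verify a shared build script against a
# pinned SHA-256 before running it. All names and paths here are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | cut -d ' ' -f 1
}

# run_pinned_script FILE EXPECTED_SHA256 [ARGS...]
# Runs FILE with sh only when its digest equals EXPECTED_SHA256.
# Returns 2 on bad usage, a missing file or a malformed pin; 3 on mismatch.
run_pinned_script() {
    [ "$#" -ge 2 ] || { echo "usage: run_pinned_script FILE SHA256" >&2; return 2; }
    script=$1
    expected=$2
    shift 2
    [ -f "$script" ] || { echo "missing script: $script" >&2; return 2; }
    # A pin must be exactly 64 hex characters; reject empty or truncated pins.
    case $expected in
        *[!0-9a-fA-F]*) echo "malformed pin" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed pin" >&2; return 2; }
    actual=$(sha256_of "$script") || return 2
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $script: got $actual" >&2
        return 3
    fi
    sh "$script" "$@"
}

# Constructed demo: a stand-in for the shared script, written locally so the
# example runs offline. In a Dockerfile the file would be fetched first and the
# pin would be a literal committed next to the RUN instruction, not computed.
demo_dir=$(mktemp -d)
printf 'echo "setup ran with: $1"\n' > "$demo_dir/analyzer-setup.sh"
pin=$(sha256_of "$demo_dir/analyzer-setup.sh")
run_pinned_script "$demo_dir/analyzer-setup.sh" "$pin" demo-arg
rm -rf "$demo_dir"
```

Pinning the digest means a change to the shared script has to be accompanied by a reviewed change in each analyzer's Dockerfile, which is the trade-off against fully automatic updates.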