Document limitations of secure analyzers which run as non-root user

Problem to solve

During "Engineering discovery: allow secure analyzer docker containers to run as a non-root user to support OpenShift", it was determined that switching to a non-root user may introduce a breaking change for users who have configured a before_script that relies on root privileges.

We need to update the Dependency Scanning documentation to document this behaviour change.

Proposal

The purpose of this issue is to add details to the Dependency Scanning documentation to explain:

  1. Which analyzers now run as a non-root user
  2. Which version of each analyzer introduced this behaviour change
  3. Some of the caveats/drawbacks of switching to a non-root user, such as custom before_script directives no longer working if they rely on root access
  4. Possible workarounds
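The caveat in point 3 usually surfaces as an opaque "permission denied" from the first privileged command. The guard below is an added illustration (not from this issue or the analyzer projects) of a before_script that checks the effective uid first and names the step that needs root; the RUNNING_UID variable and the apk add line are assumptions used to stand in for a real analyzer job.

```shell
#!/bin/sh
# Added illustration, not code from the issue or the analyzers: make the
# non-root breakage explicit instead of failing on the first privileged command.
# Assumes a POSIX sh inside the analyzer image; RUNNING_UID is an assumed
# override so the check can be exercised outside a real job.

# Returns 0 when the given uid is root (0), 1 otherwise.
is_root_uid() {
  [ "$1" -eq 0 ]
}

# Runs the given command only when the job runs as root; otherwise prints a
# diagnostic naming the step and the uid, and returns 2 so the job fails with a
# clear cause rather than a bare "permission denied".
run_privileged() {
  uid="${RUNNING_UID:-$(id -u)}"
  if is_root_uid "$uid"; then
    "$@"
  else
    echo "before_script: '$*' needs root, but the analyzer runs as uid $uid" >&2
    return 2
  fi
}

# Example before_script body: the package install is a placeholder for whatever
# the original before_script did with root privileges.
before_script_example() {
  run_privileged apk add --no-cache ca-certificates
}
```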

Who can address the issue

group::composition analysis

Other links/references

#281816 (closed)