Release Dependency Scanning Docker images compatible with OpenShift
Problem to solve
While working on "Engineering discovery: allow secure analyzer docker containers to run as a non-root user to support OpenShift", a number of merge requests were created to update the following secure analyzers so they now run as a non-root user:
- bundler-audit
- gemnasium
- gemnasium-maven
- gemnasium-python
- retire.js
However, it was not possible to merge and release new analyzers because we were unable to test them in an offline or OpenShift environment. Once we're able to complete these tests, we should merge and release these OpenShift-compatible analyzers running as non-root.
Intended users
Proposal
When the following issues have been completed:
- Test secure analyzers running as non-root user in OpenShift environment - [NA]
- Test secure analyzers running as non-root in automated offline testing environment
We need to merge and release the following analyzers:
- bundler-audit
- gemnasium
- gemnasium-maven
- gemnasium-python
- retire.js
See MRs listed in #290240 (closed)
Documentation
Documentation will be handled in "Document limitations of secure analyzers which run as non-root user", and should be released right after the above analyzers have been merged.
Availability & Testing
See #290240 (closed)
What does success look like, and how can we measure that?
The following analyzers are compatible with OpenShift:
- bundler-audit
- gemnasium
- gemnasium-maven
- gemnasium-python
- retire.js
What is the type of buyer?
GitLab Ultimate Enterprise Edition