PIP_REQUIREMENTS_FILE variable no longer being applied by gemnasium-python dependency analyzer
Summary
Specifying the PIP_REQUIREMENTS_FILE variable in .gitlab-ci.yml has no effect when the gemnasium-python scanner is run against a project.
The behaviour appears to have been introduced in this MR, when the code that imported the variable into the scanner configuration was removed.
Reported by customer in internal ticket.
Steps to reproduce
- Create a simple project with just the following files and push:

.gitlab-ci.yml:

```yaml
include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml

variables:
  SECURE_LOG_LEVEL: debug

gemnasium-python-dependency_scanning:
  variables:
    PIP_REQUIREMENTS_FILE: "app-requirements.txt"
```

app-requirements.txt:

```text
Jinja2==2.10
```

- Job output indicates no requirements file found:
- Rename the requirements file to requirements.txt and push; job output indicates the requirements.txt file has been used:
Example Project
What is the current bug behavior?
The PIP_REQUIREMENTS_FILE variable is ignored.
What is the expected correct behavior?
The file specified in PIP_REQUIREMENTS_FILE should be used in preference to the default files (requirements.txt etc.).
Relevant logs and/or screenshots
Possible fixes
Reinstate the code that imports the PIP_REQUIREMENTS_FILE variable into the scanner config.
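As an added illustration of the precedence the expected behaviour describes (this is example code written for this report, not gemnasium's own implementation), the resolver below prefers an explicit PIP_REQUIREMENTS_FILE, falls back to a list of default file names, and reports the "no requirements file found" condition when neither yields a file. The default candidate list and the injected existence check are assumptions made so the logic can be exercised without a real project tree; an override that points at a missing file is treated as a configuration error rather than silently falling back, so a misconfigured job fails visibly instead of scanning the wrong file.

```go
// Added example (not gemnasium's own code): resolve which pip requirements
// file a scanner should analyze, honouring PIP_REQUIREMENTS_FILE ahead of the
// default candidates. The existence check is injected so the precedence
// logic can be tested without touching the filesystem.
package main

import (
	"errors"
	"fmt"
	"os"
)

// defaultRequirementsFiles is an assumed fallback list standing in for
// "requirements.txt etc." in the expected-behaviour description.
var defaultRequirementsFiles = []string{
	"requirements.txt",
	"requirements.pip",
	"requires.txt",
}

// ErrNoRequirementsFile mirrors the job's "no requirements file found" state.
var ErrNoRequirementsFile = errors.New("no requirements file found")

// ResolveRequirementsFile picks the requirements file to scan.
// env returns a job variable by name (e.g. os.Getenv); exists reports whether
// a path is present in the project checkout.
// An explicit PIP_REQUIREMENTS_FILE wins. If it is set but the file is absent,
// that is an error: the override must never be silently ignored.
func ResolveRequirementsFile(env func(string) string, exists func(string) bool) (string, error) {
	if override := env("PIP_REQUIREMENTS_FILE"); override != "" {
		if !exists(override) {
			return "", fmt.Errorf("PIP_REQUIREMENTS_FILE=%q does not exist: %w", override, ErrNoRequirementsFile)
		}
		return override, nil
	}
	// No override configured: first default candidate present wins.
	for _, candidate := range defaultRequirementsFiles {
		if exists(candidate) {
			return candidate, nil
		}
	}
	return "", ErrNoRequirementsFile
}

// fileExists is the real filesystem check used when running stand-alone.
func fileExists(path string) bool {
	info, err := os.Stat(path)
	return err == nil && !info.IsDir()
}

func main() {
	path, err := ResolveRequirementsFile(os.Getenv, fileExists)
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	fmt.Println("scanning", path)
}
```

Run from a project directory with `PIP_REQUIREMENTS_FILE=app-requirements.txt go run .` to see the override honoured; unset the variable to see the fallback to requirements.txt.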