13.11 Analyzer Updates
THIS ISSUE DUPLICATES A PRIVATE INTERNAL RELEASE ISSUE PURELY FOR PUBLIC VISIBILITY https://gitlab.com/gitlab-org/security-products/release/-/issues/109
Prepare
SAST
- Check the analyzers list and make sure it includes the analyzers/languages recently added.
Dependency Scanning
- Check the analyzers list and make sure it includes the analyzers/languages recently added.
Check upstream updates
Static Analysis Analyzers
Please scrutinize the following dependencies according to the guidance listed in the handbook.
- [-] brakeman - brakeman is on the latest version at 5.0.0
- [-] phpcs-security-audit - phpcs-security-audit is on the latest version at 2.0.1
- security-code-scan - needs to be updated to version 5.0.0. Deferred to %13.12
- bandit - bandit is on the latest version 1.7.0
- eslint: gitlab-org/security-products/analyzers/eslint!75 (merged)
- mobSF: gitlab-org/security-products/analyzers/mobsf!21 (merged)
- SAST template for MobSF version: !58594 (merged)
- [-] flawfinder - no update needed as v0.11.1 is the latest release
- [-] gosec - no update needed as v2.7.0 is the latest release
- [-] sobelow - no update needed as v2.0.15 is the latest release
- [-] kubesec - no update needed as v2.11.0 is the latest release
- nodejs-scan | gitlab-org/security-products/analyzers/nodejs-scan!96 (merged)
- secrets | gitlab-org/security-products/analyzers/secrets!109 (merged)
- pmd-apex | gitlab-org/security-products/analyzers/pmd-apex!57 (merged)
- spotbugs | gitlab-org/security-products/analyzers/spotbugs!96 (merged)
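The "check upstream updates" step above is done by hand in this issue. As an added example (not part of this release issue and not the GitLab analyzer tooling), the script below compares a set of pinned analyzer versions against the latest upstream release using numeric, component-wise comparison, so that a pin such as `v2.7.0` is correctly judged older than `v2.11.0` (a plain string comparison gets this backwards) and a pre-release such as `5.0.0-rc1` is judged older than the final `5.0.0`. The version tables are constructed inline so the script runs offline; the `security-code-scan` pinned value is an illustrative assumption, not a figure taken from the issue, and in practice the "latest" column would be filled from each upstream's release feed.

```python
"""Flag analyzers whose pinned version lags the latest upstream release.

Added example: not part of the release issue or of GitLab's analyzer tooling.
Version data is constructed inline so the script runs offline.
"""
import re

# Accepts "v2.11.0", "2.0.1", "2.0", "5.0.0-rc1", "5.0.0rc1": a numeric core
# with an optional leading "v" and an optional pre-release suffix.
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:[-.]?([0-9A-Za-z.]+))?$")


def parse_version(text: str) -> tuple:
    """Turn a version string into a tuple that sorts numerically.

    Layout: (major, minor, patch, is_final, suffix). A pre-release gets
    is_final=0 so it sorts below the final release with the same core.
    Suffixes are compared as plain strings, which is fine for rc1/rc2 but
    would misorder rc10 against rc2; upstream release feeds rarely pin those.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    core = tuple(int(part) for part in match.group(1).split("."))
    core = core + (0,) * max(0, 3 - len(core))  # "2.0" == "2.0.0"
    suffix = match.group(2)
    if suffix is None:
        return core + (1, "")
    return core + (0, suffix)


def needs_update(pinned: str, latest: str) -> bool:
    """True when the upstream release is newer than the pinned version."""
    return parse_version(latest) > parse_version(pinned)


def naive_needs_update(pinned: str, latest: str) -> bool:
    """The trap this example exists to show: lexicographic comparison
    says "2.11.0" < "2.9.0" because "1" sorts before "9"."""
    return latest.lstrip("v") > pinned.lstrip("v")


# Constructed sample data modelled on the checklist above. Versions the issue
# states are reproduced; the security-code-scan pin is an illustrative value.
PINNED = {
    "brakeman": "5.0.0",
    "phpcs-security-audit": "2.0.1",
    "security-code-scan": "4.0.0",  # assumption, not taken from the issue
    "bandit": "1.7.0",
    "flawfinder": "v0.11.1",
    "gosec": "v2.7.0",
    "sobelow": "v2.0.15",
    "kubesec": "v2.11.0",
}

LATEST = {
    "brakeman": "5.0.0",
    "phpcs-security-audit": "2.0.1",
    "security-code-scan": "5.0.0",
    "bandit": "1.7.0",
    "flawfinder": "v0.11.1",
    "gosec": "v2.7.0",
    "sobelow": "v2.0.15",
    "kubesec": "v2.11.0",
}


def review(pinned: dict, latest: dict) -> dict:
    """Return one status line per pinned analyzer, keyed by analyzer name."""
    report = {}
    for name, pin in sorted(pinned.items()):
        upstream = latest.get(name)
        if upstream is None:
            report[name] = f"no upstream data for pinned {pin}"
        elif needs_update(pin, upstream):
            report[name] = f"update available: {pin} -> {upstream}"
        else:
            report[name] = f"up to date at {pin}"
    return report


if __name__ == "__main__":
    for analyzer, status in review(PINNED, LATEST).items():
        print(f"{analyzer:22} {status}")
```

Run it as-is to get a status line per analyzer; to use it against a real checklist, replace `PINNED` with the versions pinned in each analyzer's Dockerfile or lockfile and `LATEST` with values pulled from the upstream release pages, keeping the same dict shape.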
Container Scanning Analyzers
For each upstream scanner having an available update, please open a dedicated issue with the ./script/update_scanner_issue.rb template.
License Compliance
Dependency Scanning Analyzers
Post release
QA
- Check the latest QA Orchestrator pipeline and ensure all pipelines are successful.
Edited by Taylor McCaslin