Demo project that shows all Dependency Scanning features
Problem to solve
There's a need for a demo project that demonstrates all Dependency Scanning (DS) features:
- Support engineers need a way to quickly check that DS features work properly on a GitLab installation.
- Developers working on the DS features need a project with data.
The demo project would have:
- DS jobs for all supported languages and package managers
- Dependency List with DS vulnerabilities
- Vulnerability Report page with DS vulnerabilities
- Auto-remediation for DS vulnerabilities
Proposal
Create a composite project made of all the test projects, possibly using git submodule.
Implementation plan
- create a dependency-scanning project under https://gitlab.com/gitlab-org/security-products/tests
- add CI config and enable Dependency Scanning in this new project
- copy files from Dependency Scanning test projects or use git submodules
- add README to communicate the purpose of the project, and how to maintain it
- announce in group::composition analysis weekly meeting
- announce in group::composition analysis Slack channel
Edited by Igor Frenkel