14.1 Analyzer Updates - public issue
THIS ISSUE DUPLICATES A PRIVATE INTERNAL RELEASE ISSUE PURELY FOR PUBLIC VISIBILITY https://gitlab.com/gitlab-org/security-products/release/-/issues/112
Prepare
SAST
- Check the analyzers list and make sure it includes the analyzers/languages recently added.
Dependency Scanning
- Check the analyzers list and make sure it includes the analyzers/languages recently added.
Check upstream updates
Static Analysis Analyzers
Please scrutinize the following dependencies according to the guidance listed in the handbook.
- bandit | Already at the current latest of 1.7.0
- eslint | gitlab-org/security-products/analyzers/eslint!86 (merged)
- eslint package.json and other dependencies | gitlab-org/security-products/analyzers/eslint!86 (merged)
- mobSF | Already at the current latest of 3.4.3
- flawfinder | gitlab-org/security-products/analyzers/flawfinder!62 (merged)
- [-] gosec | gitlab-org/security-products/analyzers/gosec!119 (merged) | see https://gitlab.com/gitlab-org/security-products/release/-/issues/112#note_630464379 as to why this won't be updated
- sobelow | Already at the current latest of 0.11.1
- semgrep | gitlab-org/security-products/analyzers/semgrep!67 (merged)
- pmd-apex | gitlab-org/security-products/analyzers/pmd-apex!66 (merged)
- spotbugs | gitlab-org/security-products/analyzers/spotbugs!106 (merged)
Container Scanning Analyzers
For each upstream scanner having an available update, please open a dedicated issue with ./script/update_scanner_issue.rb template.
License Compliance
Dependency Scanning Analyzers
Post release
QA
- Check the latest QA Orchestrator pipeline and ensure all pipelines are successful.
Edited by Taylor McCaslin