Air-gapped (offline) support for gemnasium analyzer (Dependency Scanning)
Problem to solve
Our gemnasium analyzer currently requires internet connectivity to run using standard configuration. We should aim to support offline execution and provide clear documentation on how to configure it for such installations.
- Update the dependency scanning template to accept the DS_REMEDIATE var (!27947 (merged))
- Update the documentation to add the DS_REMEDIATE var and how to use it to disable remediation (!27967)
Permissions and Security
Make it explicit in the dependency scanning documentation https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html about air-gapped support and how to set it up. Outside of the scope of this issue - documentation to be handled in a separate issue: Document air-gapped (offline) Dependency Scanning for on-prem instances
- Document the changes introduced by this issue in the dependency scanning documentation. See !25883 (merged) for details
TODO: if not already done, define a proper way to test the air-gapped environment, share it in the parent epic &1359 and try to reuse it across all similar issues as much as possible.
Nicole's note - I think testing stuff is happening here and you can consult here - #207063
What does success look like, and how can we measure that?
Gemnasium analyzer is able to scan a project in an air-gapped environment.