Update Security Code Scan analyzer default version to v3 in SAST template
Change
In gitlab-com/www-gitlab-com!95480 (diffs), we announced the upcoming removal of out-of-the-box support for .NET versions before 3.0.
To complete this deprecation, we need to update the default image version for Security Code Scan to analyzer v3.
Known risks and mitigations
Risk: We don't know exactly how many people use .NET 2. We can get a general idea, but would need to make improvements to the data fields we collect to get a better sense of usage on .com.
Possible workarounds:
- We may be able to address this type of need with a documented before_script, or find a way to get out of compilation (which would mean something like moving to semgrep).
- We don't want to encourage people pinning to the old version, but we don't pull them down, so that's a potential option for such old versions.
Doc/RP note: We could link to this issue, another feedback issue, or relevant documentation to make it easier for any affected users to discover any validated workarounds.
Edited by Connor Gilbert