Secure+Protect Deprecation: Analyzer images published in new location
Deprecation Summary
GitLab uses various analyzers to scan for security vulnerabilities. Each analyzer is distributed as a container image.
Starting in GitLab 14.8, new versions of GitLab Secure and Protect analyzers are published to a new registry location under registry.gitlab.com/security-products.
We will update the default value of GitLab-managed CI/CD templates to reflect this change:
- For all analyzers except Container Scanning, we will update the variable SECURE_ANALYZERS_PREFIX to the new image registry location.
- For Container Scanning, the default image address is already updated. There is no SECURE_ANALYZERS_PREFIX variable for Container Scanning.
In a future release, we will stop publishing images to registry.gitlab.com/gitlab-org/security-products/analyzers.
Once this happens, you must take action if you manually pull images and push them into a separate registry. This is commonly the case for offline deployments.
Otherwise, you won't receive further updates.
Breaking Change
This is a breaking change in default behavior only if you mirror images to a separate registry.
If you do, you must update your scripts to pull images from registry.gitlab.com/security-products before the old registry is retired.
You can find the current list of images in the documentation for GitLab SAST and GitLab Secret Detection.
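For a mirror script like the one described above, the following added example (not GitLab's own code) rewrites references from the old registry path to the new one and prints the pull/tag/push plan without running it. It assumes image names and tags are unchanged under the new path; the image names and the `mirror.example.internal` registry are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not GitLab's code): plan a mirror run against the new registry path.
OLD_PREFIX="registry.gitlab.com/gitlab-org/security-products/analyzers"
NEW_PREFIX="registry.gitlab.com/security-products"

# Map one image reference to the new location; other references pass through.
# Assumption: image name and tag are unchanged under the new path.
migrate_ref() {
  case "$1" in
    "$OLD_PREFIX"/*)
      rest=${1#"$OLD_PREFIX"/}
      printf '%s\n' "$NEW_PREFIX/$rest" ;;
    *) printf '%s\n' "$1" ;;
  esac
}

# Read image references on stdin (blank lines and # comments are skipped) and
# print the docker commands that mirror each one into the registry given as $1.
# Nothing is executed here. Stale references are reported on stderr so the
# source list itself gets fixed too.
plan_mirror() {
  while IFS= read -r ref; do
    case "$ref" in ''|'#'*) continue ;; esac
    src=$(migrate_ref "$ref")
    dst="$1/${src##*/}"          # keep only name:tag for the local copy
    if [ "$src" != "$ref" ]; then
      printf 'stale reference rewritten: %s\n' "$ref" >&2
    fi
    printf 'docker pull %s\n' "$src"
    printf 'docker tag %s %s\n' "$src" "$dst"
    printf 'docker push %s\n' "$dst"
  done
}

# Constructed sample list: one stale reference, one already migrated.
plan_mirror "mirror.example.internal/security-products" <<EOF
# analyzer images mirrored for the offline instance
$OLD_PREFIX/example-analyzer-a:1
$NEW_PREFIX/example-analyzer-b:2
EOF
```

Review the printed plan, then pipe it to `sh` on the host that can reach both registries.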
Affected Topology
All deployment types (~SaaS and self-managed) are affected.
Affected Tier
All tiers (GitLab Free, GitLab Premium, GitLab Ultimate) are affected.
Checklist
- Mention your stage's stable counterparts on this issue. For example, Customer Support, Customer Success (Technical Account Manager), Product Marketing Manager.
  - To see who the stable counterparts are for a product team visit product categories
  - If there is no stable counterpart listed for Sales/CS please mention @timtams
  - If there is no stable counterpart listed for Support please mention @gitlab-com/support/managers
  - If there is no stable counterpart listed for Marketing please mention @cfoster3
- Mention your GPM so that they are aware of planned deprecations. The goal is to have reviews happen at least two releases before the final removal of the feature or introduction of a breaking change.
- Customer Success stable counterparts: @bmiller1, @brianwald, @chloe
- Support stable counterpart: @greg @kategrechishkina @katrinleinweber @joseph
- Marketing stable counterpart: @cblake2000
- Director, Product Management: @hbenson
Note: Required and optional reviewers were already @-mentioned on the Deprecation MR (!80471 (merged)).
Deprecation Milestone
Planned Removal Milestone
Links
- https://gitlab.com/gitlab-org/gitlab/-/issues/334325 (confidential issue)
Deprecation announcement: