Bump major version for Static Analysis analyzers
We previously announced that we'll increment analyzer major versions in %15.0.
The versions that are deprecated are listed in the announcement. Note that:
- SAST, IaC Scanning, and Secret Detection are in scope.
- Security Code Scan does not need to be bumped because SCS v3 is already scheduled to become the default version in 15.0, and v2 is the current default in earlier GitLab versions.
- Code Quality is not in scope.
(Note: the reasoning behind this change included the schema version changes and an effort to improve efficiency and the ability to iterate by constraining the support matrix for newer analyzer versions.)
Tasks:

Analyzers

- Open MRs for the following analyzers, bumping their major versions:
  - kics | gitlab-org/security-products/analyzers/kics!36 (merged)
  - secret detection | gitlab-org/security-products/analyzers/secrets!156 (merged)
  - flawfinder | gitlab-org/security-products/analyzers/flawfinder!78 (merged)
  - nodejs-scan | gitlab-org/security-products/analyzers/nodejs-scan!116 (merged)
  - semgrep | gitlab-org/security-products/analyzers/semgrep!114 (merged)
  - brakeman | gitlab-org/security-products/analyzers/brakeman!102 (merged)
  - mobsf | gitlab-org/security-products/analyzers/mobsf!49 (merged)
  - phpcs-security-audit | gitlab-org/security-products/analyzers/phpcs-security-audit!66 (merged)
  - pmd-apex | gitlab-org/security-products/analyzers/pmd-apex!85 (merged)
  - sobelow | gitlab-org/security-products/analyzers/sobelow!76 (merged)
  - spotbugs | gitlab-org/security-products/analyzers/spotbugs!138 (merged)
  - kubesec | gitlab-org/security-products/analyzers/kubesec!62 (merged)
- Open MRs to the READMEs to indicate that these analyzers are now in terminal maintenance mode, with no new major version.
Templates

- Open an MR for the Secret-Detection and Secret-Detection.latest templates bumping the analyzer version | Secret Detection: !86715 (merged) and Secret-Detection.latest: !87570 (merged)
- Open an MR for the SAST-IaC and SAST-IaC.latest templates bumping the analyzer version | !87316 (merged)
- Open an MR for the SAST and SAST.latest templates bumping the analyzer versions | !87292 (merged)

Both sets of tasks are ready for development, but the template MRs should not be merged until a day or two before 15.0 is completed. The analyzer MRs to bump the major version can be merged at any time during 15.0.