Proposal: deprecate security report schemas version 14-x-x
Context
Once version 15-0-0 of the security-report-schemas has been released, we want to deprecate and remove support for all previous versions, namely 14-x-x.
Proposal
Details
If this proposal is accepted, new issues to do the actual deprecation and removal must be written.
Integrations will have at least 7 months -- between GitLab %15.4 and %16.0 -- to adopt the new 15-0-0 schema or a later 15-x-x version.
Impact to integrations
- GitLab %15.8: security reports using version 14-x-x will receive a deprecation warning in the pipeline security tab.
- GitLab %16.0: security reports using version 14-x-x will not be ingested, and an error will appear in the pipeline security tab.
Once the deprecation is announced and incorporated into Rails, any security reports submitted using version 14-x-x will generate a warning in the project's pipeline security tab. The findings will still be ingested.
Once the removal is incorporated into Rails, warnings will become errors and the reports will not be ingested.
Example warning:
Example error:
/cc @matt_wilson @sam.white @derekferguson @NicoleSchwartz @connorgilbert @minac @cam_swords @theoretick @julianthome @idawson @fcatteau @mparuszewski