Enable development dependency scanning in composer projects
Release notes
TODO
Problem
As part of Make Gemnasium scan, report PHP Composer dev de... (#343041 - closed), the parser for composer.lock files was updated to handle parsing the dev-packages dependencies. Since this would constitute a breaking change, the feature was disabled in preparation for the %16.0 release.
See gitlab-org/security-products/analyzers/gemnasium!365 (comment 1058959184)
Proposal
Activate and release the feature for composer to start scanning development dependencies when configured to do so.
Implementation
- Update func (s Scanner) scanFile(path string, file *File) error found in scanner/scanner.go so that it does not override the opts.IncludeDev value to false.
- Update the spec/gemnasium_image_spec.rb tests so that the test cases for excluding the dev dependencies are not skipped.
- Update the documentation to mention support for PHP Composer projects.
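As an added illustration (not code from the Gemnasium analyzer), the Go example below shows a composer.lock parser that gates the lock file's packages-dev array behind an IncludeDev option, the value that scanFile must stop forcing to false. The names Options, Dependency and ParseComposerLock and the sample lock file are assumptions constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Dependency is one resolved package entry from composer.lock.
type Dependency struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	Dev     bool   `json:"-"` // set by the parser, not read from the file
}

// lockFile mirrors the two top-level package arrays Composer writes.
type lockFile struct {
	Packages    []Dependency `json:"packages"`
	PackagesDev []Dependency `json:"packages-dev"`
}

// Options is a hypothetical stand-in for the analyzer's parser options.
type Options struct{ IncludeDev bool }

// ParseComposerLock returns the runtime packages and, only when
// opts.IncludeDev is true, the packages-dev entries flagged as Dev.
func ParseComposerLock(data []byte, opts Options) ([]Dependency, error) {
	var lf lockFile
	if err := json.Unmarshal(data, &lf); err != nil {
		return nil, fmt.Errorf("parsing composer.lock: %w", err)
	}
	deps := append([]Dependency{}, lf.Packages...)
	if opts.IncludeDev {
		for _, d := range lf.PackagesDev {
			d.Dev = true
			deps = append(deps, d)
		}
	}
	return deps, nil
}

// sampleLock is a constructed composer.lock fragment, not from a real project.
const sampleLock = `{"packages":[{"name":"monolog/monolog","version":"2.9.1"}],
"packages-dev":[{"name":"phpunit/phpunit","version":"9.6.3"}]}`

func main() {
	for _, inc := range []bool{false, true} {
		deps, err := ParseComposerLock([]byte(sampleLock), Options{IncludeDev: inc})
		fmt.Println(inc, deps, err)
	}
}
```

If a caller resets IncludeDev to false before parsing, the packages-dev entries never reach the vulnerability matcher, whatever the user configured.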