Breaking change notice: Secure CI/CD template updates in 16.0

For guidance on the overall deprecations, removals and breaking changes workflow, please visit Breaking changes, deprecations, and removing features.

Deprecation Summary

GitLab-managed CI/CD templates for security scanning will be updated in the GitLab 16.0 release. The updates will include improvements already released in the Latest versions of the CI/CD templates. We released these changes in the Latest template versions because they have the potential to disrupt customized CI/CD pipeline configurations.

In all updated templates, we're updating the definition of variables like SAST_DISABLED and DEPENDENCY_SCANNING_DISABLED to disable scanning only if the value is "true". Previously, even if the value was "false", scanning would be disabled.

The following templates will be updated:

We recommend that you test your pipelines before the 16.0 release if you use one of the templates listed above and you use the _DISABLED variables but set a value other than "true".
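One way to find affected settings before upgrading, as an added example that is not part of the original notice or GitLab's own tooling: the script below scans CI configuration text for `*_DISABLED` variables whose effect differs before and after the change. It assumes that the old templates treated any non-empty value as "disabled" (consistent with the "false" case described above), and the function names and sample configuration are constructed for illustration.

```python
import re

# Matches simple "NAME_DISABLED: value" entries in CI YAML text.
# Line-based on purpose (no YAML library needed); it does not see values set
# in project or group CI/CD settings, or in included files.
_VAR_LINE = re.compile(
    r"^\s*(?P<name>[A-Z][A-Z0-9_]*_DISABLED)\s*:\s*(?P<value>.*?)\s*(?:#.*)?$"
)

def classify(value):
    """Return (disabled_before, disabled_after) for one variable value."""
    before = value != ""     # assumption: any non-empty value disabled scanning
    after = value == "true"  # per the notice: only "true" disables scanning
    return before, after

def find_changed(ci_yaml):
    """List (line number, variable, value) where the scan state will flip."""
    findings = []
    for lineno, line in enumerate(ci_yaml.splitlines(), 1):
        match = _VAR_LINE.match(line)
        if not match:
            continue
        value = match.group("value").strip("\"'")
        before, after = classify(value)
        if before != after:
            findings.append((lineno, match.group("name"), value))
    return findings

# Constructed sample configuration, not taken from a real project.
SAMPLE_CI = """\
variables:
  SAST_DISABLED: "false"   # scanning was silently skipped until now
  DEPENDENCY_SCANNING_DISABLED: "true"
"""

if __name__ == "__main__":
    for lineno, name, value in find_changed(SAMPLE_CI):
        print(f"line {lineno}: {name}={value!r} disabled scanning before, "
              "will not after the template update")
```

A finding means the scanner did not run under the old template and will run under the updated one, so either set the value to "true" to keep it off or remove the variable and plan for the new job.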

Update: We previously announced that we would update the rules on the affected templates to run in merge request pipelines by default. However, due to compatibility issues discussed in the deprecation issue, we will no longer make this change in GitLab 16.0. We will still release the changes to the _DISABLED variables as described above.

(Content from https://gitlab.com/gitlab-org/gitlab/-/blob/master/data/deprecations/15-9-secure-template-changes.yml?ref_type=heads. The documentation is the single source of truth for deprecations and removals.)

Breaking Change

This is a potential breaking change only under the conditions listed above.

Affected Topology

All users.

Affected Tier

All tiers.

Checklists

Labels

  • This issue is labeled deprecation, and with the relevant ~devops::, ~group::, and ~Category: labels.
  • This issue is labeled breaking change if the removal of the deprecated item will be a breaking change.

Timeline

Please add links to the relevant merge requests.

  • As soon as possible, but no later than the third milestone preceding the major release (for example, given the following release schedule: 14.8, 14.9, 14.10, 15.0; 14.8 is the third milestone preceding the major release):
  • On or before the major milestone: A removal entry has been created so the removal will appear on the removals by milestones page and be announced in the release post.
  • On the major milestone:

Mentions

  • Your stage's stable counterparts have been @mentioned on this issue. For example, Customer Support, Customer Success (Technical Account Manager), Product Marketing Manager.
    • To see who the stable counterparts are for a product team visit product categories
      • If there is no stable counterpart listed for Sales/CS please mention @timtams
      • If there is no stable counterpart listed for Support please mention @gitlab-com/support/managers
      • If there is no stable counterpart listed for Marketing please mention @cfoster3
  • Your GPM has been @mentioned so that they are aware of planned deprecations. The goal is to have reviews happen at least two releases before the final removal of the feature or introduction of a breaking change.

Deprecation Milestone

%15.9

Planned Removal Milestone

%16.0

Links

Edited by Connor Gilbert