Deprecation: SAST_EXPERIMENTAL_FEATURES flag
For guidance on the overall deprecations, removals and breaking changes workflow, please visit Breaking changes, deprecations, and removing features
Deprecation Summary
GitLab SAST has used a SAST_EXPERIMENTAL_FEATURES CI/CD variable to control the rollout of features that were considered experimental.
We plan to remove this variable in the 16.0 release.
As of GitLab 15.9, the variable controls:
- Whether the MobSF-based SAST analyzer, which scans mobile applications, runs in your pipeline.
- Whether a specific detection rule that is prone to false positives is removed from the default scan configuration.
After GitLab 16.0, instead:
- The MobSF-based mobile application SAST analyzer will run if relevant files are detected in the repository being scanned, even if the experimental flag is not set.
- Rule updates will be applied, even if the experimental flag is not set.
(Content from https://gitlab.com/gitlab-org/gitlab/-/merge_requests/1117376, which updates the documentation. The documentation is the single source of truth for deprecations and removals.)
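To find where a pipeline still sets the variable before it is removed, the following added example (not part of the original issue or of GitLab's own tooling) scans CI configuration text for SAST_EXPERIMENTAL_FEATURES and reports what the 16.0 change means for each setting. The sample configuration is constructed, and treating only the value true as opting in is an assumption.

```python
import re

FLAG = "SAST_EXPERIMENTAL_FEATURES"
# Simple "KEY: value" form only; the expanded "value:" sub-key form is not parsed.
SETTING = re.compile(r"^\s+" + FLAG + r"\s*:\s*(?P<value>.*?)\s*(?:#.*)?$")
TOP_KEY = re.compile(r"^(?P<key>[^\s#][^:]*):")

# Constructed sample configuration, not taken from any real project.
SAMPLE_CI = """\
include:
  - template: Security/SAST.gitlab-ci.yml

variables:
  SAST_EXPERIMENTAL_FEATURES: "true"  # opted in

mobsf-android-sast:
  variables:
    # SAST_EXPERIMENTAL_FEATURES: "true"
    SAST_EXPERIMENTAL_FEATURES: 'false'
"""


def find_flag(ci_text):
    """Return one finding per uncommented line that sets the flag."""
    findings, top_key = [], None
    for number, line in enumerate(ci_text.splitlines(), start=1):
        top = TOP_KEY.match(line)
        if top:
            top_key = top.group("key").strip("'\"")
            continue
        hit = SETTING.match(line)
        if hit:
            value = hit.group("value").strip("'\"")
            scope = "global" if top_key == "variables" else f"job {top_key}"
            # Assumption: only the value "true" opts the pipeline in.
            findings.append({"line": number, "scope": scope, "value": value,
                             "enabled": value.lower() == "true"})
    return findings


def after_16_0(finding):
    """Describe the effect of the planned 16.0 removal, per the summary above."""
    if finding["enabled"]:
        return "no change: MobSF analyzer and rule updates already apply"
    return ("change: MobSF analyzer runs when relevant files are detected "
            "and rule updates apply")


if __name__ == "__main__":
    for f in find_flag(SAMPLE_CI):
        print(f"line {f['line']} ({f['scope']}): {f['value']!r} -> {after_16_0(f)}")
```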
Breaking Change
This is not a breaking change.
Affected Topology
All users.
Affected Tier
All tiers.
Checklists
Labels
- This issue is labeled deprecation, and with the relevant ~devops::, ~group::, and ~Category: labels.
- (N/A) This issue is labeled breaking change if the removal of the deprecated item will be a breaking change.
Timeline
Please add links to the relevant merge requests.
- As soon as possible, but no later than the third milestone preceding the major release (for example, given the following release schedule: 14.8, 14.9, 14.10, 15.0 – 14.8 is the third milestone preceding the major release):
  - A deprecation announcement entry has been created so the deprecation will appear in release posts and on the general deprecation page.
  - (N/A) Documentation has been updated to mark the feature as deprecated.
- On or before the major milestone: A removal entry has been created so the removal will appear on the removals by milestones page and be announced in the release post.
- On the major milestone:
  - The deprecated item has been removed.
  - If the removal of the deprecated item is a breaking change, the merge request is labeled breaking change.
Mentions
- Your stage's stable counterparts have been @mentioned on this issue. For example, Customer Support, Customer Success (Technical Account Manager), Product Marketing Manager.
  - To see who the stable counterparts are for a product team visit product categories
    - If there is no stable counterpart listed for Sales/CS please mention @timtams
    - If there is no stable counterpart listed for Support please mention @gitlab-com/support/managers
    - If there is no stable counterpart listed for Marketing please mention @cfoster3
- Your GPM has been @mentioned so that they are aware of planned deprecations. The goal is to have reviews happen at least two releases before the final removal of the feature or introduction of a breaking change.
Deprecation Milestone
Planned Removal Milestone
Undecided
Links
Edited by Connor Gilbert