Determine Java version when DS_JAVA_VERSION is not set

Release notes

When running container scanning via compliance pipelines (via compliance frmaeworks) it may not be practicable to set the DS_JAVA_VERSION within each project. In cases where DS_JAVA_VERSION is not set we can attempt to determine the correct version from the pom.xml.

Problem to solve

Compliance pipelines adds complexity to project-level configuration that is avoidable.

Proposal/ Implementation Plan

Modify gemnasium-maven-dependency_scanning job with a before_script:

    - VERSION=$(grep java.version pom.xml | sed 's/<\/\?[^>]\+>//g' | tr -d '[:blank:]')
    - if [ -z "$DS_JAVA_VERSION" ]; then if [ $VERSION = 1.8 ]; then DS_JAVA_VERSION=8; else DS_JAVA_VERSION=$VERSION; fi fi
    - export DS_JAVA_VERSION

Notice that on Mac the sed command needs to be a bit different: sed -E 's/<\/?[^>]+>//g'

The Maven docs on setting the java version specify useful fields.

Discussed in Slack

Intended users

• Alex (Security Operations Engineer)
• Ingrid (Infrastructure Operator)

Feature Usage Metrics

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.