Composition Analysis 17.0 deprecations, removals and breaking changes
Problem to solve
The next major release always arrives too quickly, so let's make sure we're prepared for %17.0!
NB: Dependency Scanning and License Scanning have the same support capabilities when it comes to language/package manager compatibility. This happened in 16.3 with the removal of License-Finder and its replacement with the SBOM generated by the Dependency Scanning job. This means we should align deprecation and removal announcements for these 2 features.
Deprecation issues
- Deprecate Dependency Scanning support for sbt 1... (#415835 - closed) • Unassigned • 16.8
- Secure analyzers major version update for 17.0 (#438123 - closed) • Thiago Figueiró, Alex Groleau+ • 16.9
- Deprecate V1 metadata format for licenses (#438477 - closed) • Thiago Figueiró • 16.9
- Deprecate Maven 3.6.x support in Dependency Sca... (#438772 - closed) • Thiago Figueiró • 16.9
- Deprecate unused gitlab:dependency_scanning met... (#438779 - closed) • Olivier Gonzalez • 16.9
- Deprecate License Scanning CI templates (#439157 - closed) • Thiago Figueiró • 16.9
- Deprecate Grype scanner in Container Scanning (#439164 - closed) • Thiago Figueiró • 16.9
- Deprecate the `dependency_files` field in the s... (#396376 - closed) • Olivier Gonzalez, Alana Bellucci • 16.9 • Needs attention (joint announcement with TI)
- Deprecate the license_scanning artifact report ... (#439301 - closed) • Olivier Gonzalez • 16.9
- Deprecate the support for python 3.9 in Softwar... (#441201 - closed) • Olivier Gonzalez • 16.9
Removal issues
- Remove the License Compliance Page (&8093) (2024-01-15: this is with TI and can probably be removed from here)
- Remove Dependency Scanning and License Scanning... (#436985 - closed) • Olivier Gonzalez • 17.0 • On track
- Remove support for Container Scanning 4 (#438125 - closed) • Nick Ilieskou • 17.0 • On track
- Remove deprecated Dependency Scanning jobs (#438226 - closed) • Olivier Gonzalez • 17.0 • On track
- Remove support for V1 license format (#438478) • Unassigned • 18.0 (delayed to 18.0)
- Update default version of maven and remove supp... (#416688 - closed) • Philip Cunningham • 17.0 • On track
- Remove unused gitlab:dependency_scanning metada... (#428486 - closed) • Nick Ilieskou • 17.0 • On track
- Remove License Scanning CI templates (#439162 - closed) • Philip Cunningham • 17.0 • On track
- Remove Grype from Container Scanning (#439165 - closed) • Nick Ilieskou • 17.0 • On track
- Remove the license_scanning artifact report type (#439303) • Unassigned • Backlog (delayed to 18.0)
- Remove the `dependency_files` property from the... (#439770 - closed) • Olivier Gonzalez • 17.0 • On track
- Remove Dependency Scanning report generation fr... (#439782 - closed) • Olivier Gonzalez • 17.0 • On track
- Update Gemnasium analyzer to adopt the new secu... (#439777 - closed) • Igor Frenkel • 17.0
- Update default python to 3.11 in gemnasium-pyth... (#441491) • Zamir Martins • 17.0 • At risk
- Remove cyclonedx override from container scanni... (#451071 - closed) • Nick Ilieskou • 17.0 • On track
Candidates to be discussed
- Deprecate and replace negatively-named Containe... (#420774) • Unassigned • Awaiting further demand
  - Will not happen in 17.0: #420774 (comment 1728023581)
- Deprecate remediation of Dependency Scanning vu... (#416197) • Unassigned • Backlog
  - Will not happen in 17.0. This requires much more prior work: #416197 (comment 1727970503)
- Deprecate and remove the `artifacts:paths` keyw... (#375739) • Unassigned • Backlog
  - Will not happen in 17.0: #375739 (comment 1729649687)
- Deprecate Dependency Scanning reports (#435090) • Unassigned • Backlog
  - Will not happen in 17.0. This requires much more prior work: #435090 (comment 1727980377)