Manage libraries missing from containers
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Proposal
Running the Gemnasium dependency scanner against a project that requires libraries not included in the image requires workarounds like adding a before_script to install dependencies at runtime. A runtime install works but has downsides including increased execution time, increased network traffic, and edge-case issues (package repository down, package installed with unexpected version).
Customers will reach out to GitLab when their projects fail to build due to missing libraries; we will recommend using a before_script. Instead of adding libraries using a script in the .gitlab-ci.yml file users might be better served by a project- or group-level facility to include required dependencies that are not directly addressed by the project.