Secure analyzers major version update for 17.0
For guidance on the overall deprecations, removals and breaking changes workflow, please visit Breaking changes, deprecations, and removing features
Deprecation Summary
The Secure stage will be bumping the major versions of its analyzers in tandem with the GitLab 17.0 release.
If you are not using the default included templates, or have pinned your analyzer versions you will need to update your CI/CD job definition to either remove the pinned version or to update the latest major version.
Users of GitLab 16.0-16.11 will continue to experience analyzer updates as normal until the release of GitLab 17.0, following which all newly fixed bugs and released features will be released only in the new major version of the analyzers.
We do not backport bugs and features to deprecated versions as per our maintenance policy. As required, security patches will be backported within the latest 3 minor releases.
Specifically, the following analyzers are being deprecated and will no longer be updated after 17.0 GitLab release:
API Fuzzing: version TBC
Container Scanning: version 6
Coverage-guided fuzz testing: version TBC
Dependency Scanning: version 4
Dynamic Application Security Testing (DAST): version TBC
DAST API: version TBC
IaC Scanning: version TBC
Secret Detection: version TBC
Static Application Security Testing (SAST): TBC
brakeman: version TBC
flawfinder: version TBC
kubesec: version TBC
mobsf: version TBC
nodejs-scan: version TBC
phpcs-security-audit: version TBC
pmd-apex: version TBC
security-code-scan: version TBC
semgrep: version TBC
sobelow: version TBC
spotbugs: version TBC
Breaking Change
Yes
Affected Topology
SaaS and self-managed.
Affected Tier
- Free
- Premium
- Ultimate
Checklists
Labels
-
This issue is labeled deprecation, and with the relevant ~devops::
,~group::
, and~Category:
labels. -
This issue is labeled breaking change if the removal of the deprecated item will be a breaking change.
Timeline
Please add links to the relevant merge requests.
- As soon as possible, but no later than the third milestone preceding the major release (for example, given the following release schedule:
14.8, 14.9, 14.10, 15.0
–14.8
is the third milestone preceding the major release):-
A deprecation announcement entry has been created so the deprecation will appear in release posts and on the general deprecation page. -
Documentation has been updated to mark the feature as deprecated.
-
-
On or before the major milestone: A removal entry has been created so the removal will appear on the removals by milestones page and be announced in the release post. - On the major milestone:
-
The deprecated item has been removed. -
If the removal of the deprecated item is a breaking change, the merge request is labeled breaking change.
-
Mentions
-
Your stage's stable counterparts have been @mentioned
on this issue. For example, Customer Support, Customer Success (Technical Account Manager), Product Marketing Manager.- To see who the stable counterparts are for a product team visit product categories
- If there is no stable counterpart listed for Sales/CS please mention
@timtams
- If there is no stable counterpart listed for Support please mention
@gitlab-com/support/managers
- If there is no stable counterpart listed for Marketing please mention
@cfoster3
- If there is no stable counterpart listed for Sales/CS please mention
- To see who the stable counterparts are for a product team visit product categories
-
Your GPM has been @mentioned
so that they are aware of planned deprecations. The goal is to have reviews happen at least two releases before the final removal of the feature or introduction of a breaking change.