Dependency Scanning major version 5
Why are we doing this work
Version 4 of the analyzer has been deprecated.
Relevant links
Non-functional requirements
- Documentation: all references to dependency scanning 4 to be replaced with version 5
  - [ ] https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
- Feature flag:
- Performance:
- Testing:
Implementation plan
- ⚠ this change must be released after the rollout of the project level SBOM based dependency list
- In the Gemnasium analyzer
  - Note: A temporary v5 branch has been created to stage upcoming changes in advance.
  - Ensure there is a v4 branch pointing to master (right before the bump of next step)
  - Bump the version to 5.0.0 in master
  - Merge the v5 branch into master. This should publish a new container image with tag 5
- In GitLab rails project
Verification steps
Edited by Olivier Gonzalez