Dependency Scanning major version 5

Why are we doing this work

Version 4 of the analyzer has been deprecated.

Relevant links

• Secure analyzers major version update for 17.0 (#438123 - closed) • Thiago Figueiró, Alex Groleau+ • 16.9

Non-functional requirements

• Documentation: all references to dependency scanning 4 to be replaced with version 5 - [ ] https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
• Feature flag:
• Performance:
• Testing:

Implementation plan

• ⚠ this change must be released after the rollout of the project level SBOM based dependency list
• In the Gemnasium analyzer
  • Note: A temporary v5 branch has been created to stage upcoming changes in advance.
  • Ensure there is a v4 branch pointing to master (right before the bump of next step)
  • Bump the version to 5.0.0 in master
  • Merge the v5 branch into master. This should publish a new container image with tag 5
• In GitLab rails project
  • Update CI templates to use version 5
    • https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml
    • https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.latest.gitlab-ci.yml

Verification steps