Change notice: UBI-based Secure scanner images changing from UBI Minimal to UBI Micro
Deprecation Summary
See the published official version of this deprecation notice.
Breaking Change?
No; undocumented customizations that rely on the contents of analyzer images are not covered under the Statement of Support
Action required
If you use customizations that rely on a package manager or other contents from the base image, you can pin your security analyzer images to a specific version before the change.
Generally, this involves setting a CI/CD variable to configure a specific image tag, or overriding a job's image. Instructions differ between the various scanner types. See documentation for:
- SAST
- IaC Scanning
- Container Scanning
- Dependency Scanning: need docs link
- DAST
- API Security: need docs link
- Secret Detection
Please also comment on this issue so that we can understand your use case.
Affected Topology
All, but only if you enable FIPS mode specifically
Affected Tier
All, if you use GitLab security scanning
Deprecation Milestone
Planned Removal Milestone
Links
This is one piece (Convert all GitLab Secure (security scanning) i... (gitlab-org/cloud-native/distroless&6 - closed) • Unassigned) of a broader initiative (Convert all GitLab first party images to Distro... (gitlab-org/cloud-native/distroless&8 - closed) • Unassigned).
Checklists
Click to expand
Labels
-
This issue is labeled deprecation, and with the relevant ~devops::,~group::, and~Category:labels. -
This issue is labeled breaking change if the removal of the deprecated item will be a breaking change.
Timeline
Please add links to the relevant merge requests.
- As soon as possible, but no later than the third milestone preceding the major release (for example, given the following release schedule:
14.8, 14.9, 14.10, 15.0–14.8is the third milestone preceding the major release):-
A deprecation announcement entry has been created so the deprecation will appear in release posts and on the general deprecation page. -
Documentation has been updated to mark the feature as deprecated. - No associated change
-
- On the
major milestoneplanned milestone:-
The deprecated item has been removed. -
If the removal of the deprecated item is a breaking change, the merge request is labeled breaking change. - Not applicable. This is not a breaking change.
-
Mentions
-
Your stage's stable counterparts have been @mentionedon this issue. For example, Customer Support, Customer Success (Technical Account Manager), Product Marketing Manager.- To see who the stable counterparts are for a product team visit product categories
- If there is no stable counterpart listed for Sales/CS please mention
@timtams - If there is no stable counterpart listed for Support please mention
@gitlab-com/support/managers- Listing all Secure counterparts: @katrinleinweber-gtlb @kategrechishkina @dcoy @cmutua @mmora
- If there is no stable counterpart listed for Marketing please mention
@cfoster3
- If there is no stable counterpart listed for Sales/CS please mention
- To see who the stable counterparts are for a product team visit product categories
-
Your GPM or Director has been @mentionedso that they are aware of planned deprecations.