Document graph export dependency scanning feature
Problem to solve
Dependency Scanning will be undergoing a large change in the transition to graph-export-only analysis. We'll need to document how this works:
- Relationship with CycloneDX SBOM-based vulnerability scanning
- Clarify the offline-first approach taken: containers will be able to run without network access
- Explain that it is FIPS compatible
- Examples of how to configure the analyzer. Some projects will require running a command to generate a graph export, and others will not.
- Ease the migration for existing users with a migration guide
Edited by Oscar Tovar