Warn users in the UI about the deprecation of Dependency Scanning build support and Gemnasium analyzer

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Problem to solve

With Deprecate build support on Dependency Scanning ... (&14146 - closed) we are deprecating the existing Dependency Scanning analyzer which has been in use for many years. This will be an impactful change for users and if they are not looking at the deprecation announcement they might not be prepared in time for that migration.

References

A previous MR was opened and the following feedback was mentioned. See !180189 (comment 2349028244).

have we checked the performance of this? It sounds rather expensive to check all @pipeline.builds I presume that's all jobs inside a pipeline? That might have a massive performance impact, especially for pipelines with dozens or hundreds of jobs, especially if they are not using the gemnasium jobs.

Proposal

To ensure awareness, we should display warnings or banners in the GitLab UI. To limit the noise though, we should restrict this to situations where we detect the usage of the impacted features.

We can base our solution on the banner used to notify users on OpenTofu migration.

Implementation

Show an alert in the pipeline view to display an alert if it's using gemnasium.
Create tests to ensure that the alert is shown only when using the old template.

Edited Aug 25, 2025 by 🤖 GitLab Bot 🤖