SAST jobs no longer use global cache settings
Deprecation Summary
In GitLab 18.0, the SAST job templates explicitly disable the use of cache. The following templates are affected:
SAST.gitlab-ci.ymlSAST-IaC.gitlab-ci.yml
Documentation
- Deprecation notice: Deprecation notice for SAST job cache (!177527 - merged) • Thiago Figueiró • 17.9
Product Usage
This was done to prevent SAST analyzers from scanning cached artifacts, which may lead to false-positives and timeout.
The previous behavior can be restored by overriding the cache property in the project's CI configuration.
This change was originally added to the latest templates in GitLab %17.8 as part of the fix for SAST-Jobs timeout or reports non-existing error... (#440829 - closed).
Breaking Change?
This is possibly a breaking change. If a user intentionally wants SAST analyzers to scan cache paths, they need to update their CI configuration to explicitly enable cache on SAST jobs.
Affected Customers
-
GitLab.com -
Self-managed -
Dedicated
Deprecation Milestone
Planned Removal Milestone
Links
Checklists
Timeline
Rollout Plan
DRIs:
- Engineers: @philipcunningham
- Engineering Manager: @thiagocsf
The change will be rolled-out with the GitLab %18.0 release. It's already available from %17.8 via the use of the latest templates.
There's no feature flag for this change.
Communication Plan
DRIs:
- Product Manager: @connorgilbert
Add links to the relevant merge requests.
- As soon as possible, but no later than the third milestone preceding the major release (for example, given the following release schedule:
17.8, 17.9, 17.10, 17.11, 18.0–17.9is the third milestone preceding the major release):-
A deprecation announcement entry has been created so the deprecation will appear in release posts and on the general deprecation page. -
Documentation has been updated to mark the feature as deprecated.
-
- On the major milestone:
-
The deprecated item has been removed. -
If the removal of the deprecated item is a breaking change, the merge request is labeled breaking change. -
Document the migration plan for users, clearly outlining the actions they need to take to mitigate the impact of the breaking change.
-
Development
DRIs:
-
Engineers: @philipcunningham
-
Engineering Manager: @thiagocsf
-
Measure usage of the impacted product feature -
Evaluate metrics across GitLab.com, Self-Managed, Dedicated -
add issue link -
list any metrics and/or dashboards
-
-
Create tooling for customers to manually migrate their data or workflows -
add issue link
-
-
Build mechanism for users to manually enable the breaking change ahead of time -
add issue link
-
-
Automate the migration for those who do not take any manual steps (ensure the automation can be reverted) -
add issue link
-
-
Develop rollout plan of breaking change on GitLab.com -
add feature flag rollout issue
-
-
Dogfood the changes on GitLab.com or a Self-Managed test instance -
add issue link
-
-
(Optional) Create UI controls for instance admins to disable the breaking change, providing flexibility to Self-Managed / Dedicated customers. Optional as this depends on the breaking change. -
add issue link
-
Approvals
-
Product Manager @PM -
Engineering Manager @EM -
Senior Engineering Manager / Director @senior-eng-leader -
Group / Director of Product Management @senior-product-leader
Mentions (as applicable)
-
Product Designer @ProductDesigner -
Tech Writer @TW -
Software Engineering in Test @SET -
Any other stable counterparts based on the product categories: -
Add Sales/CS counterpart or mention @timtams -
Add Support counterpart or mention @gitlab-com/support/managers -
Add Marketing counterpart or mention @cfoster3
-
Labels
-
This issue is labeled deprecation, and with the relevant ~devops::,~group::, and~Category:labels. -
This issue is labeled breaking change if the removal of the deprecated item will be a breaking change.