Secure analyzers major version update for 18.0
GitLab customers with an active subscriptions can reach out to GitLab Support when encountering unexpected problems with this change.
Deprecation Summary
The Secure stage will be bumping the major versions of its analyzers in tandem with the GitLab 18.0 release.
If you are not using the default included templates, or have pinned your analyzer versions you will need to update your CI/CD job definition to either remove the pinned version or to update the latest major version.
Users of GitLab 17.0-17.11 will continue to experience analyzer updates as normal until the release of GitLab 18.0, following which all newly fixed bugs and released features will be released only in the new major version of the analyzers.
We do not backport bugs and features to deprecated versions as per our maintenance policy. As required, security patches will be backported within the latest 3 minor releases.
Specifically, the following analyzers are being deprecated and will no longer be updated after the GitLab 18.0 release:
- Advanced SAST: version 1
- Container Scanning: version 7
- Dependency Scanning: version 5
- DAST: version 5
- DAST API: version 4
- Fuzz API: version 4
- IaC Scanning: version 5
- Secret Detection: version 6
- Static Application Security Testing (SAST): version 5 of [all analyzers](https://docs.gitlab.com/ee/user/application_security/sast/analyzers/)
- `kubesec`
- `pmd-apex`
- `semgrep`
- `sobelow`
- `spotbugs`Breaking Change
Yes
Affected Topology
SaaS and self-managed.
Affected Tier
- Free
- Premium
- Ultimate
Checklists
Labels
-
This issue is labeled deprecation, and with the relevant ~devops::,~group::, and~Category:labels. -
This issue is labeled breaking change if the removal of the deprecated item will be a breaking change.
Timeline
Please add links to the relevant merge requests.
- As soon as possible, but no later than the third milestone preceding the major release (for example, given the following release schedule:
14.8, 14.9, 14.10, 15.0–14.8is the third milestone preceding the major release):-
A deprecation announcement entry has been created so the deprecation will appear in release posts and on the general deprecation page. -
Documentation has been updated to mark the feature as deprecated.
-
-
On or before the major milestone: A removal entry has been created so the removal will appear on the removals by milestones page and be announced in the release post. - On the major milestone:
-
The deprecated item has been removed. -
If the removal of the deprecated item is a breaking change, the merge request is labeled breaking change.
-
Mentions
-
Your stage's stable counterparts have been @mentionedon this issue. For example, Customer Support, Customer Success (Technical Account Manager), Product Marketing Manager.- To see who the stable counterparts are for a product team visit product categories
- If there is no stable counterpart listed for Sales/CS please mention
@timtams - If there is no stable counterpart listed for Support please mention
@gitlab-com/support/managers - If there is no stable counterpart listed for Marketing please mention
@cfoster3
- If there is no stable counterpart listed for Sales/CS please mention
- To see who the stable counterparts are for a product team visit product categories
-
Your GPM has been @mentionedso that they are aware of planned deprecations. The goal is to have reviews happen at least two releases before the final removal of the feature or introduction of a breaking change.