Add Dependency Scanning support for Cargo, Conda, Cocoapods and Swift in the latest Dependency Scanning CI template using the new DS analyzer
Release notes
Problem to solve
During the last year we've experimented with supporting new technologies and dogfooded the CI/CD components to enable them.
As the new DS analyzer is gaining maturity, and as we've refined our rollout strategy, we feel confident in enabling support for these new types of projects in the latest Dependency Scanning template.
- C/C++/Fortran/Go/Python/R projects using conda (conda-lock.yml).
- Objective-C projects using cocoapods (Podfile.lock).
- Rust projects using Cargo (Cargo.lock).
- Swift projects using Swift (Package.resolved).
Proposal
Enable the new DS analyzer to run by default in the latest Dependency Scanning CI/CD template lib/gitlab/ci/templates/Jobs/Dependency-Scanning.latest.gitlab-ci.yml to scan the following projects:
- C/C++/Fortran/Go/Python/R projects using conda (conda-lock.yml).
- Objective-C projects using cocoapods (Podfile.lock).
- Rust projects using Cargo (Cargo.lock).
- Swift projects using Swift (Package.resolved).
This change is associated with the rollout strategy for the new DS analyzer and deprecation of build support and Gemnasium analyzer.
Implementation plan
- the template update will be done with Update Dependency-Scanning.latest.gitlab-ci.yml... (#501103 - closed).
- announce the new feature in a release post item
- update the DS with SBOM user documentation
Due to an incident caused by this change, we've reverted the template update and instead only rolled out the change to the latest template:
- Revert MR: Revert "Merge branch '501103-update_DS_latest_C... (!181540 - merged)
- new MR to update the latest template only: Update the latest DS template to use the new DS... (!181546 - merged)
- MR to adjust the release post item: Adjust RP item for DS using SBOM due to inciden... (gitlab-com/www-gitlab-com!138244 - merged)
- MR to adjust the user documentation, deprecation announcement and migration guide: Adjust user documentation and migration guide f... (!181557 - merged)