gemnasium-python-dependency_scanning job is failing in python-pipenv downstream test

Summary

The gemnasium-python-dependency_scanning job of the pipfile-lock-FREEZE branch in the tests/python-pipenv downstream test is currently failing:

$ apt-get install -y mitmproxy
Reading package lists...
Building dependency tree...
Reading state information...
Package mitmproxy is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'mitmproxy' has no installation candidate

Steps to reproduce

Run a pipeline in the pipfile-lock-FREEZE branch of tests/python-pipenv

Example Project

https://gitlab.com/gitlab-org/security-products/tests/python-pipenv

What is the current bug behavior?

mitmproxy fails to install and causes the gemnasium-python-dependency_scanning job to fail

What is the expected correct behavior?

The gemnasium-python-dependency_scanning job should succeed

Possible fixes

Figure out another way to install mitmproxy in the .gitlab-ci.yml.

Implementation plan

Install mitmproxy via pip in .gitlab-ci.yml:

- pip install mitmproxy

/cc @hacks4oats @nilieskou @willmeek

Edited Sep 03, 2025 by Adam Cohen