Planning Breakdown: Update documentation for Dependency Scanning to work with private registries

Problem to solve

We can now handle private registries. We need to document how to configure Dependency Scanning (and License Compliance, and any other scanners?) with private registries.

The goal of this issue is to update documentation, hopefully in a generic way that can be applied to all secure, or at least consistently across.

Further details

Proposal

Create a section in the Offline environments doc explaining the general process of setting up an analyzer in the offline environment and link it to other sections.

Who can address the issue

Other links/references

Implementation plan

  • Create a new page under Application security "Private registries"
    • Introduction (a description of what this enables and when it's needed)
    • Requirements
    • Installation
      • Set up the package registry (including installation and populating)
      • Set up GitLab private registry
  • Configuration
    • Configure analyzers to use the private package registry.
    • Specific configurations
      • Move the existing Maven documentation here.
  • Add links to this doc to Offline environments
  • Add links to this doc to Dependency Scanning#setting up with an offline registry
  • Add link to this doc from every analyser documentation page
  • Add link to this doc from Security overview
Edited Aug 28, 2025 by 🤖 GitLab Bot 🤖