Disable patch creation via environment variables
Problem to solve
Auto Remediation can create a patch file to fix a vulnerability. This is done during the corresponding job in the pipeline, for example `dependency_scanning`.
Even though this functionality is useful, it may take time and resources that matter to some users. Those users may not be interested in automated fixes, and they can optimize the flow by skipping the analysis and patch creation.
Target audience
- Sasha, Software Developer
- Devon, DevOps Engineer
Further details
Since we want to encourage the use of Auto Remediation, this should be a non-default behavior.
Proposal
If the environment variable `REMEDIATION_DISABLED` is set, the jobs will skip the creation of a patch to fix vulnerabilities. This will apply to any job that can provide remediations.
If a remediation suggestion is available at no cost, it will be kept.
What does success look like, and how can we measure that?
Number of jobs with `REMEDIATION_DISABLED` set.