
Add dependency review automation

Nikhil George requested to merge dependency_review_1 into master

What does this MR do and why?

This MR adds the dependency review automation to the GitLab pipeline. The aim of the automation is to:

  • a) Identify non-maintained and untrusted dependencies while they are added to the code base
  • b) Assist the AppSec dependency review process.

This automation adds a comment to the MR with dependency metadata and pings AppSec about any new dependency introduced in the MR. This automation currently checks for new Ruby gems.

This MR replaces !119096 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Nikhil George
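The description above says the automation detects gems newly introduced in the MR, attaches their metadata and pings AppSec. The following Ruby script is an added illustration of that workflow and is not the MR's or GitLab's own code: it diffs the `specs:` blocks of two `Gemfile.lock` versions, applies two simple maintenance/trust heuristics (release age and download count, with thresholds that are assumptions) to constructed registry metadata, and renders the Markdown comment such a job would post. The lockfiles, gem names, metadata values and the `@appsec-group-placeholder` handle are all constructed; no network lookup is performed.

```ruby
# Added example, not the MR's own code: find gems newly introduced between two
# Gemfile.lock versions, apply maintenance/trust heuristics to constructed
# registry metadata, and draft the MR comment the automation would post.
require 'date'

STALE_AFTER_DAYS = 365          # assumption: no release for a year => treat as not maintained
MIN_DOWNLOADS    = 10_000       # assumption: below this => low adoption, worth a closer look
APPSEC_HANDLE    = '@appsec-group-placeholder' # placeholder, not a real group handle

# Parse every "specs:" block of a Gemfile.lock into { gem_name => version }.
# Gems sit at exactly four spaces of indentation; their own dependencies are
# indented deeper and skipped, since only direct additions are of interest here.
def parse_lockfile_specs(lockfile_text)
  specs = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line.start_with?('  specs:')
      in_specs = true
      next
    end
    in_specs = false unless line.start_with?('    ') # blank line or new section ends the block
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# Gems present in the new lockfile but absent from the old one. Version bumps
# of gems that were already present are deliberately not reported.
def new_gems(old_lock, new_lock)
  before = parse_lockfile_specs(old_lock)
  after  = parse_lockfile_specs(new_lock)
  after.reject { |name, _| before.key?(name) }
end

# Apply the heuristics to one gem's registry metadata. `meta` is nil when the
# lookup failed, which is itself something the reviewer needs to see.
def assess_gem(name, meta, today)
  return { name: name, flags: ['no registry metadata found'] } if meta.nil?
  flags = []
  age_days = (today - Date.parse(meta[:last_release])).to_i
  flags << "last release #{age_days} days ago" if age_days > STALE_AFTER_DAYS
  flags << "low download count (#{meta[:downloads]})" if meta[:downloads] < MIN_DOWNLOADS
  flags << 'no source repository listed' if meta[:source].to_s.empty?
  { name: name, flags: flags }
end

# Render the Markdown comment: one table row per new gem, then the AppSec ping.
# Returns nil when nothing was added so the caller posts no comment at all.
def build_review_comment(added, metadata, today)
  return nil if added.empty?
  lines = ["## Dependency review: #{added.size} new gem(s) in this MR", '',
           '| Gem | Version | Flags |', '|---|---|---|']
  added.each do |name, version|
    flags = assess_gem(name, metadata[name], today)[:flags]
    lines << "| #{name} | #{version} | #{flags.empty? ? 'none' : flags.join('; ')} |"
  end
  lines << '' << "#{APPSEC_HANDLE} please review the new dependencies above."
  lines.join("\n")
end

# Constructed sample lockfiles (before/after the MR) and constructed metadata.
OLD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rake (13.0.6)
      rspec (3.12.0)
        rspec-core (~> 3.12.0)

  PLATFORMS
    ruby
LOCK

NEW_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      acme-telemetry (0.1.0)
      example-logfmt (2.4.1)
        activesupport (>= 6)
      rake (13.1.0)
      rspec (3.12.0)
        rspec-core (~> 3.12.0)

  PLATFORMS
    ruby
LOCK

GEM_METADATA = {
  'example-logfmt' => { last_release: '2024-03-15', downloads: 2_500_000,
                        source: 'https://example.com/example-logfmt' },
  'acme-telemetry' => { last_release: '2021-03-01', downloads: 412, source: '' }
}
REVIEW_DATE = Date.new(2024, 6, 1) # fixed date so the age heuristic is reproducible

if __FILE__ == $PROGRAM_NAME
  puts build_review_comment(new_gems(OLD_LOCK, NEW_LOCK), GEM_METADATA, REVIEW_DATE)
end
```

Running the script prints a comment with two rows: `example-logfmt` with no flags, and `acme-telemetry` flagged for a three-year-old last release, a low download count and a missing source repository. In a real pipeline the two lockfile strings would come from the MR's target and source branches and the metadata from a registry query; the diff-then-assess-then-comment shape stays the same.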
