Skip to content

Remove CS_DISABLE_DEPENDENCY_LIST from CS doc

Olivier Gonzalez requested to merge remove_CS_DISABLE_DEPENDENCY_LIST_from_user_docs into master

this must be merged only after the next Major major of the CS analyzer has been releseased.

If any doubt, please reach out to @gonzoyumo or #g_secure-composition-analysis before merging.

What does this MR do and why?

Update the Container Scanning user documentation based on Remove Dependency Scanning report generation fr... (#439782 - closed)

The code that generates the Dependency Scanning report artifact when executing the Container Scanning Analyzer is being removed with gitlab-org/security-products/analyzers/container-scanning!2993 (merged) (to be released in 17.0).

The DS report was used to provide the list of components but this is now achieved with the cycloneDX SBOM report instead and in 17.0 the rails application will no longer leverage the content of the Dependency Scanning report for this purpose. As a result, the CS_DISABLE_DEPENDENCY_LIST is no longer effective and must be removed from the documentation and related content adjusted.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Merge request reports