Remove deprecated SAST jobs
What does this MR do and why?
Remove several jobs from SAST.latest.gitlab-ci.yml
that were overdue for removal.
-
bandit-sast
: removal overdue since 15.3 -
brakeman-sast
: removal overdue since 17.0 -
eslint-sast
: removal overdue since 15.3 -
flawfinder-sast
: removal overdue since 17.0 -
gosec-sast
: removal overdue since 15.2 -
mobsf-android-sast
: removal overdue since 17.0 -
mobsf-ios-sast
: removal overdue since 17.0 -
nodejs-scan-sast
: removal overdue since 17.0 -
phpcs-security-audit-sast
: removal overdue since 17.0 -
security-code-scan-sast
: removal overdue since 16.0
References
- SAST Deprecation: Analyzer consolidation and CI... (#352554 - closed)
- Static Analysis Analyzer consolidation in 16.0 (#390416 - closed)
- https://docs.gitlab.com/ee/update/deprecations.html#sast-analyzer-coverage-changing-in-gitlab-170
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Merge request reports
Activity
changed milestone to %17.9
added groupstatic analysis maintenanceremoval labels
assigned to @thiagocsf
added typemaintenance label
added pipelinetier-1 label
added devopsapplication security testing sectionsec labels
added citemplates label
3 Warnings ⚠️ This merge request adds or changes templates, please consider updating the corresponding
Gitlab Component.⚠️ The master pipeline status page reported failures in If these jobs fail in your merge request with the same errors, then they are not caused by your changes.
Please check for any on-going incidents in the incident issue tracker or in the#master-broken
Slack channel.⚠️ You've made some app changes, but didn't add any tests.
That's OK as long as you're refactoring existing code,
but please consider adding any of the maintenancepipelines, maintenancerefactor, maintenanceworkflow, maintenanceperformance, documentation, QA labels.2 Messages 📖 CHANGELOG missing: If this merge request needs a changelog entry, add the
Changelog
trailer to the commit message you want to add to the changelog.If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.
📖 This merge request adds or changes files that require a review from the CI/CD Templates maintainers. This merge request requires a CI/CD Template review. To make sure these changes are reviewed, take the following steps:
- Ensure the merge request has the citemplates label. If the merge request modifies CI/CD Template files, Danger will do this for you.
- Prepare your MR for a CI/CD Template review according to the template development guide.
- Assign and
@
mention the CI/CD Template reviewer suggested by Reviewer Roulette.
The following files require a review from the CI/CD Templates maintainers:
lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
Reviewer roulette
Category Reviewer Maintainer citemplates @timofurrer
(UTC+1, 10 hours behind author)
@marcel.amirault
(UTC+9, 2 hours behind author)
~"Verify" Reviewer review is optional for ~"Verify" @mbenayoun
(UTC+2, 9 hours behind author)
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
If needed, you can retry the
🔁 danger-review
job that generated this comment.Generated by
🚫 DangerEdited by ****requested review from @seanarnold and @mbenayoun
- Resolved by Thiago Figueiró
Looks good to me
- Resolved by Thiago Figueiró
question (non-blocking): Should we also remove them from the stable template?
added pipeline:mr-approved label
added pipelinetier-2 label and removed pipelinetier-1 label
Before you set this MR to auto-merge
This merge request will progress on pipeline tiers until it reaches the last tier: pipelinetier-3. We will trigger a new pipeline for each transition to a higher tier.
Before you set this MR to auto-merge, please check the following:
- You are the last maintainer of this merge request
- The latest pipeline for this merge request is pipelinetier-3 (You can find which tier it is in the pipeline name)
- This pipeline is recent enough (created in the last 8 hours)
If all the criteria above apply, please set auto-merge for this merge request.
See pipeline tiers and merging a merge request for more details.
E2E Test Result Summary
allure-report-publisher
generated test report!e2e-test-on-gdk:
✅ test report for a0167ae6expand test summary
+------------------------------------------------------------------+ | suites summary | +-------------+--------+--------+---------+-------+-------+--------+ | | passed | failed | skipped | flaky | total | result | +-------------+--------+--------+---------+-------+-------+--------+ | Plan | 82 | 0 | 8 | 0 | 90 | ✅ | | Create | 138 | 0 | 20 | 0 | 158 | ✅ | | Secure | 4 | 0 | 3 | 0 | 7 | ✅ | | Package | 25 | 0 | 13 | 0 | 38 | ✅ | | Verify | 50 | 0 | 20 | 0 | 70 | ✅ | | Govern | 80 | 0 | 12 | 0 | 92 | ✅ | | Data Stores | 33 | 0 | 10 | 0 | 43 | ✅ | | Monitor | 8 | 0 | 12 | 0 | 20 | ✅ | | Growth | 0 | 0 | 2 | 0 | 2 | ➖ | | Configure | 0 | 0 | 3 | 0 | 3 | ➖ | | Manage | 0 | 0 | 10 | 0 | 10 | ➖ | | Fulfillment | 2 | 0 | 7 | 0 | 9 | ✅ | | Analytics | 2 | 0 | 0 | 0 | 2 | ✅ | | Release | 5 | 0 | 1 | 0 | 6 | ✅ | | Ai-powered | 0 | 0 | 2 | 0 | 2 | ➖ | | ModelOps | 0 | 0 | 1 | 0 | 1 | ➖ | +-------------+--------+--------+---------+-------+-------+--------+ | Total | 429 | 0 | 124 | 0 | 553 | ✅ | +-------------+--------+--------+---------+-------+-------+--------+
e2e-test-on-cng:
✅ test report for a0167ae6expand test summary
+------------------------------------------------------------------+ | suites summary | +-------------+--------+--------+---------+-------+-------+--------+ | | passed | failed | skipped | flaky | total | result | +-------------+--------+--------+---------+-------+-------+--------+ | Plan | 86 | 0 | 8 | 0 | 94 | ✅ | | Verify | 51 | 0 | 19 | 0 | 70 | ✅ | | Govern | 84 | 0 | 10 | 0 | 94 | ✅ | | Create | 143 | 0 | 19 | 0 | 162 | ✅ | | Analytics | 2 | 0 | 0 | 0 | 2 | ✅ | | Data Stores | 33 | 0 | 10 | 0 | 43 | ✅ | | Package | 30 | 0 | 14 | 0 | 44 | ✅ | | Ai-powered | 0 | 0 | 2 | 0 | 2 | ➖ | | Secure | 2 | 0 | 5 | 0 | 7 | ✅ | | ModelOps | 0 | 0 | 1 | 0 | 1 | ➖ | | Monitor | 8 | 0 | 12 | 0 | 20 | ✅ | | Manage | 0 | 0 | 10 | 0 | 10 | ➖ | | Fulfillment | 2 | 0 | 7 | 0 | 9 | ✅ | | Configure | 0 | 0 | 3 | 0 | 3 | ➖ | | Release | 5 | 0 | 1 | 0 | 6 | ✅ | | Growth | 0 | 0 | 2 | 0 | 2 | ➖ | +-------------+--------+--------+---------+-------+-------+--------+ | Total | 446 | 0 | 123 | 0 | 569 | ✅ | +-------------+--------+--------+---------+-------+-------+--------+
Edited by ****- Resolved by Thiago Figueiró
It seems Sean is busy.
@marcel.amirault, would you mind doing the maintainer review?
requested review from @marcel.amirault and removed review request for @seanarnold
mentioned in merge request !178389 (merged)
added pipelinetier-3 pipeline:run-e2e-omnibus-once labels and removed pipelinetier-2 label
Hi
@marcel.amirault
👋 ,GitLab Bot has added the Technical Writing label because a Technical Writer has approved or merged this MR.
This message was generated automatically. Improve it or delete it.
added Technical Writing label
started a merge train
mentioned in commit 3cd53707
added workflowstaging-canary label
added workflowcanary label and removed workflowstaging-canary label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
mentioned in merge request gitlab-ui!4936 (merged)
added workflowpost-deploy-db-staging label and removed workflowproduction label
added workflowpost-deploy-db-production label and removed workflowpost-deploy-db-staging label