Support custom pipcompile lockfile in DS latest template with DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN
What does this MR do and why?
Support a custom pipcompile lockfile filename in the Dependency Scanning latest template using the DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN CI/CD variable.

Similar to what we did to support PIP_REQUIREMENTS_FILE with the old Gemnasium Python analyzer, this MR adds a rule that triggers the new DS analyzer when the DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN variable is set, instead of only looking for a file in the repo that matches the conventional name requirements.txt.
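The rule described above, as an illustrative reconstruction of its shape rather than the template's actual text (added here, not copied from the MR diff; the job name `dependency-scanning`, the variable name and `requirements.txt` come from this description, everything else is assumed):

```yaml
# Illustrative shape of the rules on the dependency-scanning job in the DS
# latest template (assumed; not the template's real text).
dependency-scanning:
  rules:
    # Added behaviour: when the user sets the pattern variable, run the job
    # even though no conventionally named lockfile exists in the repository.
    - if: $DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN
    # Existing behaviour: run when a conventionally named requirements.txt
    # is present anywhere in the repository.
    - exists:
        - '**/requirements.txt'
```

The rule only decides whether the job is scheduled; whether the analyzer actually selects the custom file is visible only in the job's debug log, which is why the validation steps below check for that log line rather than just for the job running.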
How to set up and validate locally
- Check out this MR's branch in your GDK.
- Clone this example project: https://gitlab.com/gitlab-org/secure/tests/olivier/custom-pipcompile-requirements-file/
- Run a pipeline.
- Confirm the `dependency-scanning` job is triggered and the custom file has been scanned. The debug log should output: `Selecting pip for pypi based on lock file my-custom-pipcompile-req-file.txt parseable my-custom-pipcompile-req-file.txt`