New DS analyzer always generates a Dependency Scanning Report
What does this MR do and why?
This modifies the latest CI template for Dependency Scanning to export the DS security report generated by the new DS analyzer as a CI job report artifact.
This will reintroduce the behavior that exists in the legacy Gemnasium analyzer by bringing back security scan results in the running CI pipeline. The new analyzer is now generating that report by default on GitLab 18.5 and above thanks to gitlab-org/security-products/analyzers/dependency-scanning!349 (merged).
References
- Bring security scan results back into the Depen... (&17150 - closed)
- [FF] rollout `dependency_scanning_sbom_scan_api` (#551861)
Screenshots or screen recordings
| Before | After |
|---|---|
How to set up and validate locally
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Olivier Gonzalez