Add additional_ca_cert_bundle input for DS v2 template

What does this MR do and why?

Add additional_ca_cert_bundle input for DS v2 template. The feature already works when passing the CI/CD variable but we want a corresponding input for consistency.

  • add specs to verify CI/CD variables backward compatibility
  • fix typo in DS_ENABLE_VULNERABILITY_SCAN fallback logic

Changelog: added
EE: true

References

#580462

How to set up and validate locally

You need to have your GDK configured with HTTPS support.

  1. configure the MY_CUSTOM_CA_CERT variable (e.g. in the project's variables) with your custom CA root certificate. If you've used mkcert on macOS, that will be the content of the rootCA.pem file:
     cat ~/Library/Application\ Support/mkcert/rootCA.pem
  2. create a project that includes the v2 DS template and specifies the input:
     include:
       - template: Jobs/Dependency-Scanning.v2.gitlab-ci.yml
         inputs:
           additional_ca_cert_bundle: $MY_CUSTOM_CA_CERT
  3. verify in the job log output that the DS analyzer can reach the sbom scan API of the instance

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Olivier Gonzalez
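
A pre-flight check for step 1 of the validation procedure above, as an added example that is not part of this merge request or of the GitLab code base: it confirms that the file whose content goes into MY_CUSTOM_CA_CERT holds only parseable, unexpired CA certificates. It assumes the openssl CLI is installed; the function names check_ca_bundle and make_test_cert are hypothetical, and the test certificates are constructed at run time.

```shell
#!/bin/sh
# Added example. Requires the openssl CLI; function names are hypothetical.

# check_ca_bundle FILE
# Succeeds only if FILE holds at least one PEM certificate and every
# certificate in it parses, is marked CA:TRUE, and has not expired.
check_ca_bundle() {
    bundle=$1
    [ -f "$bundle" ] || { echo "bundle file not found" >&2; return 1; }
    tmp=$(mktemp -d) || return 1
    # Split the bundle into one file per certificate.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { if (out != "") close(out); out = "" }
    ' "$bundle"
    status=0; count=0
    for cert in "$tmp"/cert*.pem; do
        [ -e "$cert" ] || break
        count=$((count + 1)); name=${cert##*/}   # certN.pem = Nth cert in bundle
        if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
            echo "$name: not a parseable certificate" >&2; status=1; continue
        fi
        openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
            { echo "$name: not a CA certificate" >&2; status=1; }
        openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
            { echo "$name: expired" >&2; status=1; }
    done
    [ "$count" -gt 0 ] || { echo "no PEM certificate found" >&2; status=1; }
    rm -rf "$tmp"
    return "$status"
}

# make_test_cert OUT.pem CA:TRUE|CA:FALSE
# Builds constructed sample input: a throwaway self-signed certificate.
make_test_cert() {
    cnf=$(mktemp) || return 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
        'x509_extensions=ext' '[dn]' 'CN=constructed-test-cert' \
        '[ext]' "basicConstraints=critical,$2" > "$cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cnf" \
        -keyout "$1.key" -out "$1" 2>/dev/null
    made=$?
    rm -f "$cnf" "$1.key"
    return "$made"
}
```

Run check_ca_bundle against the same file you would cat in step 1 before pasting its content into the variable.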
