Include improvements suggested by @xlgmokha
What does this MR do?
This MR addresses some new comments on !28566 (merged) and fixes a few things:
- We don't save a `tar` temporary file anymore, we pipe directly the output of `docker` to `gzip` now.
- We don't force `SECURE_BINARIES_SAVE_ARTIFACTS` to `false` for `spotbugs` and `licence-management` anymore. This setting is now `false` by default anyway. The 1GB artifact limit is only on GitLab.com anyway and will differ on self-hosted instances.
- `license-management` was recently renamed to `license-scanning`, and we follow this new convention. For backward compatibility, the job will still be triggered if `SECURE_BINARIES_ANALYZERS` contains `license-management`.
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- [-] Documentation (if required)
- [-] Code review guidelines
- [-] Merge request performance guidelines
- [-] Style guides
- [-] Database guides
- [-] Separation of EE specific content
Availability and Testing
- [-] Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
- Test pipeline running this template: https://gitlab.com/gitlab-org/security-products/bundle/-/merge_requests/3
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention `@gitlab-com/gl-security/appsec`
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Philippe Lafoucrière