Add Dependency Scanning support for Conan lock files
What does this MR do?
Add conan.lock to the rules:exists of the Gemnasium job, to handle Conan lock files.
See #225218 (closed)
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Activity
changed milestone to %13.4
marked the checklist item Changelog entry as completed
1 Warning
This MR has a Changelog file outside ee/, but code changes in ee/. Consider moving the Changelog file into ee/.
Reviewer roulette
Changes that require review have been detected! A merge request is normally reviewed by both a reviewer and a maintainer in its primary category (e.g. frontend or backend), and by a maintainer in all other categories.
To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited, or the chosen person is unavailable.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, mention them as you normally would! Danger does not automatically notify them for you.
Category | Reviewer | Maintainer
backend | Nicolas Dular (@nicolasdular) (UTC+2) | Bob Van Landuyt (@reprazent) (UTC+2)
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
Edited by 🤖 GitLab Bot 🤖
mentioned in issue #238565 (closed)
mentioned in merge request gitlab-org/security-products/tests/c-conan!3 (merged)
assigned to @fcatteau
mentioned in issue #225218 (closed)
- Resolved by Adam Cohen
- Resolved by Fabien Catteau
@adamcohen One minor comment. Back to you, and to be submitted to a project maintainer once the MR has been merged.
Edited by Fabien Catteau
assigned to @adamcohen and unassigned @fcatteau
- Resolved by Rémy Coutable
Tested with the official gemnasium:2 Docker image (Gemnasium v2.16.0) using the c-conan test project. See https://gitlab.com/gitlab-org/security-products/tests/c-conan/-/pipelines/183725034
UPDATE: Failing job is for Licensing Scanning QA and is unrelated.
@adamcohen Approved!
@rymai Could you merge this? Thanks!
Edited by Fabien Catteau
assigned to @rymai and unassigned @adamcohen
mentioned in merge request !40699 (merged)
enabled an automatic merge when the pipeline for ec2a56e9 succeeds
mentioned in commit 8691c13a
mentioned in merge request gitlab-org/security-products/tests/c-conan!6 (merged)
added workflowstaging label
added workflowcanary label and removed workflowstaging label
added workflowproduction label and removed workflowcanary label
This merge request has been deployed to the pre.gitlab.com environment, and will be included in the upcoming self-managed GitLab 13.5.0 release.
This comment is generated automatically using the Release Tools project.
added published label
This merge request has been deployed to the release.gitlab.net environment, and will be included in the upcoming self-managed GitLab 13.5.0 release.
This comment is generated automatically using the Release Tools project.