Fix Dependency Scanning
What does this MR do?
Fix dependency scanning jobs, broken because of #291159 (comment 477638875). This MR uses the same workaround as SAST, meaning the job definitions are duplicated instead of using our template, and here is why:
- Our Secure templates use `rules` in every single job, for example: https://gitlab.com/gitlab-org/gitlab/-/blob/f006fea31097510743c47604f836915b088a6b5c/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml#L108. This means that unless we override these jobs one by one, these rules have the priority. Extending the jobs (with `extends`) won't work, for instance.
- We could have used YAML anchors as we do here: https://gitlab.com/gitlab-org/gitlab/-/blob/3972af21b21ce75c10b1f67a3c2024bff5f8802f/.gitlab/ci/rules.gitlab-ci.yml#L910. Unfortunately, anchors are local to their files, and we can't use `- <<: *if-default-refs` in `reports.gitlab-ci.yml` because the anchor is defined in `rules.gitlab-ci.yml`.
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- [-] Documentation (if required)
- [-] Code review guidelines
- [-] Merge request performance guidelines
- [-] Style guides
- [-] Database guides
- [-] Separation of EE specific content
Availability and Testing
- [-] Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention @gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Philippe Lafoucrière
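Added example, not part of this MR or of the GitLab code base, for the two points made under "What does this MR do?". The Ruby script below uses constructed, much-shortened stand-ins for `rules.gitlab-ci.yml`, `reports.gitlab-ci.yml` and the Dependency-Scanning template (the YAML and the job name `ds-on-merge-requests` are invented for the example). It shows (1) that a YAML anchor defined in one file cannot be referenced from another, because Psych only knows the anchors of the document it is parsing, and (2) a simplified model, stated here as an assumption about GitLab's documented merge behaviour, of how an included template is merged with the including file: same-name jobs are deep-merged with the including file winning, arrays such as `rules` are replaced rather than concatenated, and `extends` is resolved the same way. Under that model, redefining `gemnasium-dependency_scanning` by name with its own `rules` (what this MR does) replaces the template's rules, while a new job that merely `extends` it gets its own rules but leaves the template job in the pipeline with the template's rules.

```ruby
require 'yaml'

# Constructed stand-in for rules.gitlab-ci.yml: the anchor is defined and used
# in the same file, the only place an anchor can be referenced.
RULES_YML = <<~'YAML'
  .if-default-refs: &if-default-refs
    if: $CI_MERGE_REQUEST_IID

  rspec:
    script: bundle exec rspec
    rules:
      - <<: *if-default-refs
YAML

# Constructed stand-in for reports.gitlab-ci.yml trying to reuse that anchor.
REPORTS_YML = <<~'YAML'
  gemnasium-dependency_scanning:
    rules:
      - <<: *if-default-refs
YAML

# Constructed, heavily shortened stand-in for the Dependency-Scanning template.
DS_TEMPLATE_YML = <<~'YAML'
  .ds-analyzer:
    image: registry.gitlab.com/security-products/analyzers/gemnasium:2
    script: [/analyzer run]
    artifacts:
      reports: {dependency_scanning: gl-dependency-scanning-report.json}

  gemnasium-dependency_scanning:
    extends: .ds-analyzer
    variables: {DS_ANALYZER_NAME: gemnasium}
    rules:
      - if: $DEPENDENCY_SCANNING_DISABLED
        when: never
      - if: $CI_COMMIT_BRANCH
YAML

# What this MR does: redefine the template job by name with its own rules.
OVERRIDE_YML = <<~'YAML'
  gemnasium-dependency_scanning:
    rules:
      - if: $CI_MERGE_REQUEST_IID
YAML

# The alternative the MR description rules out: a new job that extends the template job.
EXTENDS_YML = <<~'YAML'
  ds-on-merge-requests:
    extends: gemnasium-dependency_scanning
    rules:
      - if: $CI_MERGE_REQUEST_IID
YAML

def load_ci_yaml(text)
  YAML.safe_load(text, aliases: true)
end

# True when every alias in the document points at an anchor defined in that same
# document. Psych raises Psych::BadAlias (AnchorNotDefined, a subclass, on newer
# versions) for an anchor it has never seen; there is no cross-file lookup.
def anchors_resolve?(text)
  load_ci_yaml(text)
  true
rescue Psych::BadAlias
  false
end

# Assumed, simplified model of GitLab's documented merge behaviour for both
# `include` overrides and `extends`: hashes deep-merge, the overriding side wins
# on conflicts, and arrays such as `rules` are replaced, not concatenated.
def deep_merge(base, override)
  base.merge(override) do |_key, old, new|
    old.is_a?(Hash) && new.is_a?(Hash) ? deep_merge(old, new) : new
  end
end

# Resolve `extends` for one job: parents (one name or a list) first, then the job itself.
def resolve_job(jobs, name)
  job = jobs.fetch(name)
  base = Array(job['extends']).reduce({}) { |acc, parent| deep_merge(acc, resolve_job(jobs, parent)) }
  deep_merge(base, job.reject { |k, _| k == 'extends' })
end

# Merge an included template with the including file and return the runnable
# (non-hidden) jobs with `extends` resolved, keyed by job name.
def pipeline_jobs(template_text, main_text)
  jobs = deep_merge(load_ci_yaml(template_text), load_ci_yaml(main_text))
  jobs.keys.reject { |n| n.start_with?('.') }.to_h { |n| [n, resolve_job(jobs, n)] }
end

if $PROGRAM_NAME == __FILE__
  puts "anchor resolves inside its own file: #{anchors_resolve?(RULES_YML)}"
  puts "anchor resolves from another file:   #{anchors_resolve?(REPORTS_YML)}"
  puts '--- override by name (this MR) ---'
  pipeline_jobs(DS_TEMPLATE_YML, OVERRIDE_YML).each { |name, job| puts "#{name}: #{job['rules']}" }
  puts '--- new job via extends ---'
  pipeline_jobs(DS_TEMPLATE_YML, EXTENDS_YML).each { |name, job| puts "#{name}: #{job['rules']}" }
end
```

Run it with `ruby ds_rules_demo.rb` (any file name works). In the override case the pipeline contains a single `gemnasium-dependency_scanning` job whose `rules` are the ones from the including file and whose `image`, `script` and `variables` still come from the template; in the `extends` case the template job is still present with the template's two rules, and only the new job carries the merge-request rule.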