
Add poetry.lock file to dependency scanning template

Oscar Tovar requested to merge 7006-add-poetry-lockfile-to-ds-template into master

What does this MR do and why?

This MR updates the Dependency Scanning CI template to run gemnasium-python if a poetry.lock file exists 0-2 levels beneath the working directory. As part of the implementation plan of #7006 (closed), the relevant documentation for this will be updated in !87161 (merged).

Screenshots or screen recordings

Screenshots (images not included in this page):

  - Updated DS template successfully analyzing a poetry project
  - Dependencies found within the analyzed poetry.lock file
  - Unit tests successfully passing for a project with a poetry.lock file

How to set up and validate locally

  1. Import the test python-poetry project locally.
  2. Create a new branch and update the .gitlab-ci.yml:
    stages:
      - test
      - qa
    
    include:
      # Security Products features
      - template: Jobs/Dependency-Scanning.gitlab-ci.yml
    
      # Security Products features QA
      - https://gitlab.com/gitlab-org/security-products/ci-templates/raw/master/includes-dev/qa-dependency_scanning.yml
  3. Trigger a pipeline run with the variable DS_MAJOR_VERSION set to 3.
  4. The pipeline's security widget should show the poetry.lock deps found.
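As an added example (not part of this MR or of the template itself), the script below mirrors the detection rule described above, a poetry.lock at 0, 1 or 2 directory levels below the working directory, and lists the name/version pairs a detected lock file pins, which is what the security widget would report. The lock-file contents and directory layout are constructed for the example; the parser is a minimal reader for the [[package]] tables, not a full TOML parser.

```python
"""Added example: detect poetry.lock 0-2 levels below a directory, then list pinned packages."""
import tempfile
from pathlib import Path
# Constructed sample in poetry.lock syntax; not taken from a real project.
SAMPLE_LOCK = '''\
[[package]]
name = "requests"
version = "2.28.1"
[package.dependencies]
certifi = ">=2017.4.17"
[[package]]
name = "certifi"
version = "2022.6.15"
[metadata]
lock-version = "1.1"
'''
# Same depth-0..2 patterns as the template's `exists:` rule, expressed as globs.
LOCK_GLOBS = ("poetry.lock", "*/poetry.lock", "*/*/poetry.lock")


def find_poetry_locks(root):
    """Return lock files at most two levels below root, sorted for stable output."""
    return sorted({p for g in LOCK_GLOBS for p in Path(root).glob(g) if p.is_file()})


def parse_poetry_lock(text):
    """Minimal [[package]] reader (not a full TOML parser): top-level name/version only."""
    packages, current, in_package = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[[package]]":
            current, in_package = {}, True
            packages.append(current)
        elif line.startswith("["):
            in_package = False  # [package.dependencies], [metadata], ... are skipped
        elif in_package and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() in ("name", "version"):
                current[key.strip()] = value.strip().strip('"')
    return [(p["name"], p["version"]) for p in packages if "name" in p and "version" in p]


def demo():
    """Constructed tree: locks at depth 0 and 2 are found, the one at depth 3 is ignored."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("poetry.lock", "svc/api/poetry.lock", "a/b/c/poetry.lock"):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(SAMPLE_LOCK)
        root = Path(tmp)  # map POSIX-style relative path -> pinned packages
        return {p.relative_to(root).as_posix(): parse_poetry_lock(p.read_text())
                for p in find_poetry_locks(root)}
```

Running demo() returns entries for poetry.lock and svc/api/poetry.lock only; the lock at a/b/c/ is outside the 0-2 level window and is not picked up.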

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Oscar Tovar
