Document DS_ANALYZER_IMAGE, SAST_ANALYZER_IMAGE and CS_ANALYZER_IMAGE (#284600) · Issues · GitLab.org / GitLab

Document DS_ANALYZER_IMAGE, SAST_ANALYZER_IMAGE and CS_ANALYZER_IMAGE

### Problem to solve The secure templates make use of the following variables, however, none of them have been documented: - `DS_ANALYZER_IMAGE` - added by [Use DS_ANALYZER_IMAGE in Dependency Scanning QA](https://gitlab.com/gitlab-org/gitlab/-/issues/241976) - `SAST_ANALYZER_IMAGE` - added by [SAST/DS Downstream projects do not use branch image, defaulting to major](SAST/DS Downstream projects do not use branch image, defaulting to major) - `CS_ANALYZER_IMAGE` - added by [Use CS_ANALYZER_IMAGE in CS template](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/47856) The purpose of this issue is to document these variables ### Intended users * [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer) ### User experience goal ~~User's should find correct documentation for the given variable names~~ We decided to document these variables in the template itself instead of the user documentation. ### Proposal Document the `DS_ANALYZER_IMAGE`, `SAST_ANALYZER_IMAGE`, and `CS_ANALYZER_IMAGE` env variables. ### Implementation plan Document the following variables as comments in the given templates: |Variable|Template| |---|---| |`DS_ANALYZER_IMAGE`|[Dependency-Scanning.gitlab-ci.yml](https://gitlab.com/gitlab-org/gitlab/-/blob/80aa006c2763976fcbc2756951dc603ae30fa3f9/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml#L14)| |`SAST_ANALYZER_IMAGE`|[SAST.gitlab-ci.yml](https://gitlab.com/gitlab-org/gitlab/-/blob/80aa006c2763976fcbc2756951dc603ae30fa3f9/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml#L14)| |`CS_ANALYZER_IMAGE`|[Container-Scanning.gitlab-ci.yml](https://gitlab.com/gitlab-org/gitlab/-/blob/80aa006c2763976fcbc2756951dc603ae30fa3f9/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml#L7) ### Further details See [this discussion](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/47856#note_448720788) for more details ### What does success look like, and how can we measure that? The variables listed in the [Proposal section](#proposal) are documented as comments in their respective template files. ### What is the type of buyer? ~"GitLab Ultimate" ~"Enterprise Edition" ### Is this a cross-stage feature? Yes, this affects ~"Category:Container Scanning" ~"Category:SAST" ~"Category:Dependency Scanning" /cc @gonzoyumo @NicoleSchwartz @rdickenson @fcatteau

issue