<!-- This issue template can be used as a great starting point for feature requests. Learn more about the process: https://handbook.gitlab.com/handbook/product/how-to-engage/#customer-feature-requests. The section "Release notes" can be used as a summary of the feature and is also required if you want to have your release post blog MR auto generated using the release post item generator: https://about.gitlab.com/handbook/marketing/blog/release-posts/#release-post-item-generator. The remaining sections are the backbone for every feature in GitLab. The goal of this template is brevity for quick/smaller iterations. For a more thorough list of considerations for larger features or feature sets, you can leverage the detailed [feature proposal](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Feature%20proposal%20-%20detailed.md). --> ### Release notes <!-- What is the problem and solution you're proposing? This content sets the overall vision for the feature and serves as the release notes that will populate in various places, including the [release post blog](https://about.gitlab.com/releases/categories/releases/) and [Gitlab project releases](https://gitlab.com/gitlab-org/gitlab/-/releases). " --> ### Problem to solve <!-- What is the user problem you are trying to solve with this issue? --> During the last year we've experimented with supporting new technologies and dogfood the CI/CD components to enable them. As the new DS analyzer is gaining maturity, and as we've refined our rollout strategy, we feel confident in enabling support for these new type of projects in the `latest` Dependency Scanning template. - C/C++/Fortran/Go/Python/R projects using conda (conda-lock.yml). - Objective-C projects using cocoapods (Podfile.lock). - Rust projects using Cargo (Cargo.lock). - Swift projects using Swift (Package.resolved). ### Proposal <!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. --> Enable the new DS analyzer to run by default in the latest Dependency Scanning CI/CD template `lib/gitlab/ci/templates/Jobs/Dependency-Scanning.latest.gitlab-ci.yml` by default to scan the following projects: - C/C++/Fortran/Go/Python/R projects using conda (conda-lock.yml). - Objective-C projects using cocoapods (Podfile.lock). - Rust projects using Cargo (Cargo.lock). - Swift projects using Swift (Package.resolved). This change is associated with the [rollout strategy for the new DS analyzer and deprecation of build support and Gemnasium analyzer](https://gitlab.com/gitlab-org/gitlab/-/issues/517653). ### Implementation plan - [x] the template update will be done with https://gitlab.com/gitlab-org/gitlab/-/issues/501103+. - MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/178065+ - [x] announce the new feature in a release post item - MR: https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/138218+ - [x] update the [DS with SBOM user documentation](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/dependency_scanning_sbom/) - MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/181499+ Due to [an incident](https://gitlab.com/gitlab-com/gl-infra/production/-/issues/19310#customer-impact) caused by this change, we've reverted the template update and instead only roll out the change to the `latest` template: - [x] Revert MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/181540+ - [x] new MR to update the latest template only: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/181546+ - [x] MR to adjust the release post item: https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/138244+ - [x] MR to adjust the user documentation, deprecation announcement and migration guide: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/181557+ ### Intended users <!-- Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later. Personas are described at https://handbook.gitlab.com/handbook/product/personas/ * [Parker (Product Manager)](https://handbook.gitlab.com/handbook/product/personas/#parker-product-manager) * [Delaney (Development Team Lead)](https://handbook.gitlab.com/handbook/product/personas/#delaney-development-team-lead) * [Presley (Product Designer)](https://handbook.gitlab.com/handbook/product/personas/#presley-product-designer) * [Sasha (Software Developer)](https://handbook.gitlab.com/handbook/product/personas/#sasha-software-developer) * [Priyanka (Platform Engineer)](https://handbook.gitlab.com/handbook/product/personas/#priyanka-platform-engineer) * [Sidney (Systems Administrator)](https://handbook.gitlab.com/handbook/product/personas/#sidney-systems-administrator) * [Rachel (Release Manager)](https://handbook.gitlab.com/handbook/product/personas/#rachel-release-manager) * [Simone (Software Engineer in Test)](https://handbook.gitlab.com/handbook/product/personas/#simone-software-engineer-in-test) * [Allison (Application Ops)](https://handbook.gitlab.com/handbook/product/personas/#allison-application-ops) * [Ingrid (Infrastructure Operator)](https://handbook.gitlab.com/handbook/product/personas/#ingrid-infrastructure-operator) * [Dakota (Application Development Director)](https://handbook.gitlab.com/handbook/product/personas/#dakota-application-development-director) * [Dana (Data Analyst)](https://handbook.gitlab.com/handbook/product/personas/#dana-data-analyst) * [Eddie (Content Editor)](https://handbook.gitlab.com/handbook/product/personas/#eddie-content-editor) * [Amy (Application Security Engineer)](https://handbook.gitlab.com/handbook/product/personas/#amy-application-security-engineer) * [Isaac (Infrastructure Engineer)](https://handbook.gitlab.com/handbook/product/personas/#isaac-infrastructure-security-engineer) * [Alex (Security Operations Engineer)](https://handbook.gitlab.com/handbook/product/personas/#alex-security-operations-engineer) * [Cameron (Compliance Manager)](https://handbook.gitlab.com/handbook/product/personas/#cameron-compliance-manager) --> ### Feature Usage Metrics <!-- How are you going to track usage of this feature? Think about user behavior and their interaction with the product. What indicates someone is getting value from it? Explore (../../doc/development/internal_analytics/internal_event_instrumentation/quick_start.md) for a guide. --> ### Does this feature require an audit event? <!--- Checkout these docs to know more https://docs.gitlab.com/ee/development/audit_event_guide/#what-are-audit-events https://docs.gitlab.com/ee/administration/audit_events.html ---> <!-- Label reminders Make sure to add the appropriate labels for the product stage and/or group (e.g ~"devops::plan") if known and add a comment tagging the appropriate Product Manager. Use the following resources to find the appropriate labels: - Use only one tier label choosing the lowest tier this is intended for - https://gitlab.com/gitlab-org/gitlab/-/labels - https://about.gitlab.com/handbook/product/categories/features/ Examples: /label ~group:: ~section:: ~Category: /label ~"GitLab Free" ~"GitLab Premium" ~"GitLab Ultimate" -->