Use specific version variables for Security Products in CI config
Problem to solve
Exporting the SP_VERSION variable in vendored templates prevents a user from granularly configuring different security products when multiple templates are included.
Target audience
Sasha, Software Developer, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#sasha-software-developer
Further details
Also, it makes sense to change this in the Auto DevOps template. But this will have implications for users that are already using the Auto DevOps template and override SP_VERSION, so a migration plan has to be thoroughly developed.
Proposal
It could be useful to have the ability to override the versions of the Security Products independently via variables in .gitlab-ci.yml. That is, in vendored templates we could do (for DAST)

    - export DS_VERSION="${DS_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}"

(same with SAST_VERSION etc.), thus allowing the user to override it with

    variables:
      DS_VERSION: my-custom-version
Original suggestion: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9660/diffs#note_145198913
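The fallback logic proposed above, as an added example that is not part of the original issue or of GitLab's templates. The function names `default_sp_version` and `resolve_version` are hypothetical, the sample values are constructed, and refusing an unparseable server version (instead of passing it through as an image tag) goes beyond what the proposal's one-liner does.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not GitLab's.

# Derive the default tag from the server version, e.g. "11.9.0-ee" -> "11-9-stable",
# using the sed expression from the proposal. sed prints non-matching input
# unchanged, so the result is checked and rejected if it is not N-N-stable.
default_sp_version() {
  tag=$(printf '%s\n' "$1" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
  case "$tag" in
    [0-9]*-[0-9]*-stable) printf '%s\n' "$tag" ;;
    *) return 1 ;;
  esac
}

# resolve_version VAR_NAME SERVER_VERSION
# Prints the per-product override if VAR_NAME is set and non-empty, otherwise
# the server-derived default (the same semantics as ${VAR:-default}, which
# treats an empty string like an unset variable).
resolve_version() {
  case "$1" in
    ''|[0-9]*|*[!A-Za-z0-9_]*) return 2 ;;  # only plain variable names reach eval
  esac
  eval "override=\${$1:-}"
  if [ -n "$override" ]; then
    printf '%s\n' "$override"
  else
    default_sp_version "$2"
  fi
}

# Constructed sample values: one product pinned, one left to the default.
CI_SERVER_VERSION="11.9.0-ee"
DS_VERSION="my-custom-version"
unset SAST_VERSION
for name in DS_VERSION SAST_VERSION; do
  echo "$name=$(resolve_version "$name" "$CI_SERVER_VERSION")"
done
```

With a single shared SP_VERSION, pinning one scanner would pin every included template to the same tag; resolving each variable separately keeps the pin scoped to one product.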
Permissions and Security
N/A
Documentation
TODO
What does success look like, and how can we measure that?
GitLab users are using different versions of