Sign in or sign up before continuing. Don't have an account yet? Register now to get started.

Allow pip version to be configured in Dependency Scanning

Problem to solve

Allow installing a custom version of pip registries to fulfill specific needs.

Intended users

Proposal

Add a DS_PIP_VERSION to our vendored template to pass them down to the analyzers.
leverage this variables in the gemnasium-python analyzer to install a custom version of pip

Permissions and Security

Documentation

add this variable to dependency scanning documentation](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#available-variables). We probably need to specify that only the gemnasium-python analyzer is supporting this option.

Testing

find relevant test projects and make sure pipelines pass

What does success look like, and how can we measure that?

Customers can use a specific version of pip.

What is the type of buyer?

GitLab Ultimate

Links / references

Product

Release Notes

Edited Jan 09, 2020 by Nicole Schwartz