Generate a report compatible with the security widget
!2384 (merged) is completed.
This means that we run a library scan every time we tag a release. This allows us to stay on top of any important CVEs in dependent libraries.
We pretty-print the output of the scan in a job we named Scan dependencies, which can be seen here: https://dev.gitlab.org/gitlab/omnibus-gitlab/-/jobs/2322697 (private link).
We also save an artifact for 7 days that contains the full description of the library/CVE/impact, see https://dev.gitlab.org/gitlab/omnibus-gitlab/-/jobs/2322697/artifacts/browse (will expire in 7 days).
Attaching a stripped-out report: dependency_report.txt
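As an added illustration (not the omnibus-gitlab project's own `.gitlab-ci.yml`, nor the contents of !2384), this is the shape a tag-triggered scan job takes when it both keeps a 7-day artifact and exposes a report to the merge request security widget. The `./bin/scan-dependencies` command and the two output file names are assumptions; the `artifacts:reports:dependency_scanning`, `only: tags` and `expire_in` keys are standard GitLab CI syntax.

```yaml
# Added example, not omnibus-gitlab's own pipeline definition.
# Runs a dependency scan only when a release is tagged, keeps the full
# human-readable report for 7 days, and hands a GitLab-format JSON report
# to the security widget.
scan_dependencies:
  stage: test
  only:
    - tags            # one scan per tagged release
  script:
    # Hypothetical scanner invocation: replace with the project's real tool.
    # It is assumed to emit dependency_report.txt (pretty-printed, shown in
    # the job log) and gl-dependency-scanning-report.json (GitLab's
    # dependency scanning report schema, consumed by the security widget).
    - ./bin/scan-dependencies
        --output-text dependency_report.txt
        --output-json gl-dependency-scanning-report.json
    - cat dependency_report.txt
  artifacts:
    paths:
      - dependency_report.txt          # browsable full library/CVE/impact listing
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
    expire_in: 7 days                  # artifact is removed after a week
```

The `reports:dependency_scanning` entry is what makes the security widget pick the results up; the JSON must follow GitLab's dependency scanning report schema or the widget ignores it. Keeping `dependency_report.txt` under `paths` as well is what makes the plain-text listing browsable from the job page until `expire_in` removes it.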