Move dependency scanning to .com project

What does this MR do?

Move dependency scanning to mirror nightly pipeline to make use of security dashboards

Related issues

Closes: #6159, #6160

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion

Required

• Merge Request Title, and Description are up to date, accurate, and descriptive
• MR targeting the appropriate branch
• MR has a green pipeline on GitLab.com
• Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks
• trigger-package has a green pipeline running against latest commit

Expected (please provide an explanation if not completing)

• Test plan indicating conditions for success has been posted and passes
• Documentation created/updated
• Tests added
• Integration tests added to GitLab QA
• Equivalent MR/issue for the GitLab Chart opened

changed milestone to %14.1

added Deliverable devopssystems groupdistribution maintenancepipelines priority3 quad-planningcomplete-no-action sectioncore platform security typefeature labels

assigned to @balasankarc

added tooling (archive) label and removed typefeature label

Example pipeline: https://gitlab.com/gitlab-org/build/omnibus-gitlab-mirror/-/pipelines/321721434. Also look at the security tab to see the report in action - https://gitlab.com/gitlab-org/build/omnibus-gitlab-mirror/-/pipelines/321721434/security

changed the description

added 1 commit

• 28805df1 - Move dependency scanning to Canonical repo

Compare with previous version

	1 Message
	Please add the workflowready for review label once you think the MR is ready to for an initial review. Merge requests are handled according to the workflow documented in our handbook and should receive a response within the limit documented in our First-response SLO. If you don't receive a response, please mention @gitlab-org/distribution, or one of our Project Maintainers

Generated by Danger

added 1 commit

• 9c4ef34b - Move dependency scanning to Canonical repo

Compare with previous version

added 1 commit

• 1401e919 - Move dependency scanning to Canonical repo

Compare with previous version

added 1 commit

• 96f8bb4f - Move dependency scanning to Canonical repo

Compare with previous version

I moved it to Canonical project because we don't need a package build, but only need to generate version-manifest.json file. Pipeline - https://gitlab.com/gitlab-org/omnibus-gitlab/-/pipelines/322034691

added 3 commits

• 96f8bb4f...860c7a73 - 2 commits from branch master
• 46005061 - Move dependency scanning to Canonical repo

Compare with previous version

changed title from Move dependency scanning to mirror nightly pipeline to Move dependency scanning to .com project

I think this one is ready for review

added workflowready for review label

added 11 commits

• 46005061...4352872f - 10 commits from branch master
• 165acc16 - Move dependency scanning to Canonical repo

Compare with previous version

resolved all threads

approved this merge request

requested review from @twk3

added workflowin review label and removed workflowready for review label

approved this merge request

merged

mentioned in commit 7fb133f0

added workflowstaging label and removed workflowin review label

added workflowcanary label and removed workflowstaging label

added workflowproduction label and removed workflowcanary label

added releasedcandidate label

added releasedpublished label and removed releasedcandidate label

added workflowstaging-ref label and removed workflowproduction label

Due to an issue the workflowstaging-ref label was incorrectly applied to this merge request. Re-setting back to workflowproduction using https://gitlab.com/gitlab-org/release-tools/-/merge_requests/1620

added workflowproduction label and removed workflowstaging-ref label

added typemaintenance label and removed tooling (archive) label

mentioned in issue #6733 (closed)