Verified Commit 33a9d92b authored by Adam Cohen

Programmatically enforce scanner version

parent 09ef9007
......@@ -3,8 +3,8 @@ FROM ruby:2.7-slim
ARG BUNDLER_VERSION="2.1.4"
ENV BUNDLER_VERSION $BUNDLER_VERSION
ARG BUNDLER_AUDIT_VERSION="0.7.0.1"
ENV BUNDLER_AUDIT_VERSION $BUNDLER_AUDIT_VERSION
ARG SCANNER_VERSION="0.7.0.1"
ENV SCANNER_VERSION $SCANNER_VERSION
ARG BUNDLER_AUDIT_ADVISORY_DB_URL="https://github.com/rubysec/ruby-advisory-db.git"
ARG BUNDLER_AUDIT_ADVISORY_DB_REF_NAME="master"
......@@ -20,7 +20,7 @@ RUN set -ex; \
mkdir -p /root/.local/share/ruby-advisory-db; \
git clone --branch $BUNDLER_AUDIT_ADVISORY_DB_REF_NAME $BUNDLER_AUDIT_ADVISORY_DB_URL /root/.local/share/ruby-advisory-db; \
\
gem install bundler:$BUNDLER_VERSION bundler-audit:$BUNDLER_AUDIT_VERSION; \
gem install bundler:$BUNDLER_VERSION bundler-audit:$SCANNER_VERSION; \
bundle audit update
COPY analyzer /
......
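Review bot: The build argument is renamed from BUNDLER_AUDIT_VERSION to SCANNER_VERSION without keeping the old name, so any CI job or developer still passing `--build-arg BUNDLER_AUDIT_VERSION=...` gets the override silently ignored and the default 0.7.0.1 installed, with nothing in the build to flag the mismatch. If external callers may still use the old name, keep it as a fallback for one release, e.g. `ARG BUNDLER_AUDIT_VERSION` followed by `ARG SCANNER_VERSION=${BUNDLER_AUDIT_VERSION:-0.7.0.1}`, or call the rename out in the CHANGELOG. The `ENV SCANNER_VERSION` line is what makes the value visible to the analyzer at runtime; a comment such as `# exported so the analyzer can report the installed bundler-audit version` would stop a later cleanup from turning it back into a build-only ARG.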
......@@ -12,7 +12,7 @@ contains documentation on how to run, test and modify this analyzer.
## How to update the upstream Scanner
- Check for the latest version at https://github.com/rubysec/bundler-audit/tags
- Compare with the value of `BUNDLER_AUDIT_VERSION` in the [Dockerfile](./Dockerfile)
- Compare with the value of `SCANNER_VERSION` in the [Dockerfile](./Dockerfile)
- If an update is available, create a branch and bump the version.
- Trigger a pipeline on all relevant [test projects](https://gitlab.com/explore/projects?tag=Dependency+Scanning,Secure-QA):
- trigger a manual pipeline on `master` branch with these variables:
......
......@@ -2,6 +2,7 @@ package metadata
import (
"fmt"
"os"
"gitlab.com/gitlab-org/security-products/analyzers/common/v2/issue"
)
......@@ -27,13 +28,12 @@ const (
)
var (
// AnalyzerVersion is the semantic version of the analyzer and must match the most recent version in CHANGELOG.md
AnalyzerVersion = "2.9.0"
// AnalyzerVersion is a placeholder value which will be overwritten at build time
// with the most recent version from the CHANGELOG.md file
AnalyzerVersion = "not-configured"
// ScannerVersion is the semantic version of the scanner (bundler-audit)
// TODO: ensure this version matches the one specified in the Dockerfile
// see https://gitlab.com/gitlab-org/gitlab/-/issues/235059
ScannerVersion = "0.7.0.1"
// ScannerVersion is the semantic version of the scanner and is defined in the Dockerfile
ScannerVersion = os.Getenv("SCANNER_VERSION")
// IssueScanner describes the scanner used to find a vulnerability
IssueScanner = issue.Scanner{
......
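Review bot: `ScannerVersion = os.Getenv("SCANNER_VERSION")` has no fallback or check, so whenever the binary runs outside the image (local `go run`, unit tests, an image built without the ENV) the value is silently "" and every report then carries an empty scanner version — the same drift the removed TODO was about, now with no way to notice it. Validate it once where the report is assembled, e.g. `if ScannerVersion == "" { return fmt.Errorf("SCANNER_VERSION is not set; the scanner version cannot be reported") }`, or at minimum extend the doc comment to `// ScannerVersion is read from the SCANNER_VERSION environment variable at package initialization; it is set by the Dockerfile and is empty when run outside the image`. The same silent-placeholder concern applies to `AnalyzerVersion = "not-configured"`: if the build-time substitution does not run, that literal ships in reports, so the consumer of these values should reject both sentinels. The var block continues past the end of the hunk.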