Skip vulnerability scanning when SBOM Scan api is disabled
What does this MR do and why?
This MR modifies the run command to catch errors from vulnerability scanning when the dependency_scanning_sbom_scan_api feature flag is disabled. When this happens the error is swallowed and the execution continues without failing.
This allows us to do the folowing rollout strategy:
- set
DS_ENABLE_VULNERABILITY_SCANto true by default - use the
dependency_scanning_sbom_scan_apiFF to gradually enable the sbom vulnerability scanning feature
This way we can monitor the rollout and turn the FF off if problems arise.
See full rollout plan in gitlab-org/gitlab#551861 (comment 2774664518)
Related issues
[FF] rollout `dependency_scanning_sbom_scan_api` (gitlab-org/gitlab#551861)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.