Find and scan projects using new finder
What does this MR do?
- Relies on the finder package of gemnasium to find projects; finder is initialized with preset specific to this project
- Register builders with the names of the package managers they support, and not with compatible input files
- Change the build loop to leverage the projects and package manager info returned by the finder
- Change common/command configuration to AnalyzeAll; this project can now figure out what to process w/o depending on the common/search package
This depends on gemnasium!134 (merged)
Next step is to move the builder package and the main build loop to the main gemnasium project. This is possible since discrepancies b/w gemnasium-maven and gemnasium-python have been removed. The builders themselves can remain in this project.
TODO
- update gemnasium dependency once gemnasium!134 (merged) has been merged and released
- make sure it scans projects in sub-directories; currently this is not checked by QA
- tag branch job: https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven/-/jobs/912978479#L211
- pipeline for the subdir branch of java-maven: https://gitlab.com/gitlab-org/security-products/tests/java-maven/-/pipelines/230217081
What are the relevant issue numbers?
gitlab-org/gitlab#263441 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Fabien Catteau