Find and scan projects using new finder
What does this MR do?
- Relies on the finder package of gemnasium to find projects; finder is initialized with preset specific to this project
- Register builders with the names of the package managers they support, and not with compatible input files
- Change the build loop to leverage the projects and package manager info returned by the finder
- Change common/command configuration to AnalyzeAll; this project can now figure out what to process w/o depending on the common/search package
NOTE: There's a build loop even though gemnasium-python only scans one project. The goal is to keep gemnasium-python aligned with gemnasium-maven, even if the loop is not needed. There's no risk because the finder won't find more than one Python project, because of the finder preset specific to gemnasium-python.
This depends on gemnasium!134 (merged)
Next step is to move the builder package and the main build loop to the main gemnasium project. This is possible since discrepancies b/w gemnasium-maven and gemnasium-python have been removed. The builders themselves can remain in this project.
TODO
- update gemnasium dependency once gemnasium!134 (merged) has been merged and released
- make sure it scans projects in sub-directories; currently this is not checked by QA
- tag branch job: https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-python/-/jobs/912979653#L1117
- python-pip, subdir branch
What are the relevant issue numbers?
gitlab-org/gitlab#263441 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Fabien Catteau