Dependency path to vulnerable dependencies by default
What does this MR do?
Support 3 modes for how dependency paths are rendered:
- no dependency path
- dependency path to all dependencies
- dependency path to vulnerable packages only
The default behavior changes from rendering the path to all dependencies to rendering the path for vulnerable dependencies only.
The strategy can be controlled via DS_DEPENDENCY_PATH_MODE. For now this experimental environment variable is NOT documented.
DS_DEPENDENCY_PATH_MODE can be set to all or none to force a particular mode, otherwise the default mode applies.
The goal is to better control the size and complexity of the reports Gemnasium generates.
What are the relevant issue numbers?
This relates to gitlab-org/gitlab#229840 (closed), though this issue has been closed.
Does this MR meet the acceptance criteria?
-
Changelog entry added - [-] Documentation created/updated for GitLab EE, if necessary
- [-] Documentation created/updated for this project, if necessary
- [-] Documentation reviewed by technical writer or follow-up review issue created
-
Tests added for this feature/bug - [-] Job definition updated, if necessary
-
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Fabien Catteau