
Expose security report from Dependency Scanning job

Igor Frenkel requested to merge 460891-expose-security-report into master

What does this MR do?

Because CI_JOB_TOKEN can no longer be used to retrieve pipeline artifacts, the current implementation of the integration-test does not work (see related issue).

This MR makes use of the DS_REPORT path in integration-test. This means that the qa tests need only set the DS_REPORT_PATH variable and override the artifacts of the dependency scanning job in order to allow access for qa jobs.

It looks like the artifacts override has to happen for each gemnasium-*dependency_scanning job because of the order of these includes: https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml#L73

My intention is to merge this MR, do a full run of the gemnasium pipeline to check for failing tests in more complicated scenarios (e.g. multimodule) and then remove the allow_failure directive once every test passes.

What are the relevant issue numbers?

Integration test fails because of invalid token... (gitlab-org/gitlab#460891 - closed) • Igor Frenkel • 17.0

Does this MR meet the acceptance criteria?

Tested in js_npm using this MR's includes-dev/qa-dependency_scanning.yml commit: gitlab-org/security-products/tests/js-npm!13611 (closed)

Passing pipeline: https://gitlab.com/gitlab-org/security-products/tests/js-npm/-/pipelines/1283777243

Edited by Igor Frenkel
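One shape the override described in the MR can take, as an added illustration rather than this MR's own includes-dev/qa-dependency_scanning.yml: the report is published as a regular artifact by each gemnasium-* job and the QA job fetches it through needs, so no API call with CI_JOB_TOKEN is involved. The QA job name, the report file name, the container image and the way DS_REPORT_PATH is consumed are assumptions and are marked as such in the comments.

```yaml
# Added example, not the MR's own file. Assumed: job names match the
# Dependency-Scanning template, and both the analyzer and the QA job read
# DS_REPORT_PATH to locate the report.
include:
  - template: Jobs/Dependency-Scanning.gitlab-ci.yml

variables:
  DS_REPORT_PATH: gl-dependency-scanning-report.json   # assumed default name

# The override is repeated per job because of the include order noted in
# the MR: a single rule cannot patch all gemnasium-* jobs at once.
# Overriding `artifacts` replaces the template's whole artifacts block, so
# `reports:` is restated here to keep the security report wired up while
# `paths:` makes the same file downloadable by dependent jobs.
.ds_report_artifacts: &ds_report_artifacts
  artifacts:
    when: always            # keep the report even when the analyzer fails
    paths:
      - $DS_REPORT_PATH
    reports:
      dependency_scanning: $DS_REPORT_PATH

gemnasium-dependency_scanning:
  <<: *ds_report_artifacts

gemnasium-maven-dependency_scanning:
  <<: *ds_report_artifacts

gemnasium-python-dependency_scanning:
  <<: *ds_report_artifacts

# Assumed QA job name and image. Each analyzer job is optional because the
# template only creates the ones whose rules match the project's lockfiles.
qa-dependency_scanning:
  stage: test
  image: alpine:3.19
  needs:
    - job: gemnasium-dependency_scanning
      artifacts: true
      optional: true
    - job: gemnasium-maven-dependency_scanning
      artifacts: true
      optional: true
    - job: gemnasium-python-dependency_scanning
      artifacts: true
      optional: true
  script:
    - test -s "$DS_REPORT_PATH"            # fail fast if no report arrived
    - apk add --no-cache jq
    - jq '.vulnerabilities | length' "$DS_REPORT_PATH"
```

The one check worth doing before relying on this in a real QA pipeline is that the analyzer actually writes to the path in DS_REPORT_PATH; if it only honours the default file name, the `paths:` entry still works but the variable becomes documentation only.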
