[v0] Back-port Gemnasium 2.x
What does this MR do?
Make Dependency Scanning v0 (used in GitLab 10.7-11.5) use Gemnasium 2.x, now connected to the gemnasium-db repo. See gitlab-org/gitlab#14630 (closed)
Changes
CI configuration
- build Docker images for all versions of GitLab using Dependency Scanning v0, from 10.7 up to 11.5
- run the tests related to the gemnasium plugin/analyzer in its own job, where gemnasium:2.3.0 is the base image
Dockerfile
- build image on top of gemnasium:2.3.0, which already includes the Gemnasium CLI, its vrange library, as well as a clone of gemnasium-db
Gemnasium Ruby class
- file detection based on what gemnasium, gemnasium-maven, and gemnasium-python currently support
- Gemnasium CLI integration
- Gemnasium Docker images integration
- conversion from Dependency Scanning report v2 - what the Gemnasium CLI and images generate
What are the relevant issue numbers?
gitlab-org/gitlab#33321 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- [-] Documentation created/updated for GitLab EE, if necessary
- [-] Documentation created/updated for this project, if necessary
- [-] Documentation reviewed by technical writer or follow-up review issue created
- [-] Tests added for this feature/bug
- [-] Job definition updated, if necessary
- Conforms to the code review guidelines
- Security reports checked/validated by reviewer
Edited by Fabien Catteau