Research: Dependency Scanning - Viable to Complete
What’s this issue all about?
Research required to gain insight into what it would take for Dependency Scanning to become Complete.
Who is the target user of the feature?
What questions are you trying to answer?
What would be required for users of other Dependency Scanning tools to instead adopt GitLab as part of their DevOps platform?
Core questions
Additional questions
What hypotheses and/or assumptions do you have?
Our Dependency Scanning will have to offer both reactive (this has a vulnerability) and proactive (this is X versions behind, this will be EOS/EOL on date XYZ) information. This information will have to be available for the entire project, not just MRs. We will also need to be able to trigger scans and reports from within a group on all or many projects.
What decisions will you make based on the research findings?
Prioritization and scope of the product effort to make Dependency Scanning complete.
What's the latest milestone that the research will still be useful to you?
The current goal is completion by January.