### Problem to solve Full Dependency Scanning scans on SBOM changes have been enabled in %17.5 with https://gitlab.com/gitlab-org/gitlab/-/issues/395692. While the underlying implementation of full scans on SBOM changes is shared between Container Scanning and Dependency Scanning, there are specific constraints that prevented us from releasing the corresponding feature for Container Scanning. Indeed, to prevent disrupting existing Container Scanning users who have configured their security scans in a way that modifies the results, we can't enable the full SBOM based scans by default. Opportunities to work around that are explored in https://gitlab.com/groups/gitlab-org/-/epics/15362+ for instance. To pursue on our vision to replace CI based Container Scanning analysis with SBOM based Container Scanning analysis, we need to figure out a rollout strategy and ensure the feature covers all existing workflows and reach an acceptable level of parity. This epics contains the work required to reach the beta level https://docs.gitlab.com/ee/policy/experiment-beta-support.html#beta ### Proposal **Beta level Requirements:** 1. Might not be ready for production use. 1. Are supported on a commercially-reasonable effort basis, but with the expectation that issues require extra time and assistance from development to troubleshoot. 1. Might be unstable. 1. Have configuration and dependencies that are unlikely to change. 1. Have features and functions that are unlikely to change. However, breaking changes can occur outside of major releases or with less notice than for generally available features. 1. Have a low risk of data loss. 1. Have a user experience that is complete or near completion ### Timeline :warning: TBC The objective is to reach the Beta level before %17.9, so that we can offer an acceptable replacement when we announce the deprecation of the existing CI based Container Scanning security analysis that uses the Trivy analyzer to generate a CS security report. See https://gitlab.com/groups/gitlab-org/-/epics/15875+