Limit directory depth of Gemnasium scans

Note to wider-community, sales, support and customer success

As always we welcome contributions so feel free to ask questions @NicoleSchwartz if you are unsure about what needs to be done here and want to contribute the fix yourself!

NOTE: if you are a user who would also like to see this feature, please UPVOTE 👍 it and comment to help it get prioritized (so it’s raised as part of our sensing mechanisms). Comments ideally should include what you want, how it would help you, what your pain point/frustration is today, and anything else that can help us focus on solving the problem.

If you are a team member commenting on behalf of a user (not ideal, as you can only upvote once!), please remember to upvote and include as much information (what they are trying to solve for, their setup) as possible in addition to a Salesforce or Zendesk link.

Proposal

Introduce a CI variable that limits the depth of the directories being scanned by Gemnasium (Dependency Scanning).

Proposal: introduce DS_MAX_DEPTH. See #241659 (comment 459602912)

There is currently no depth limit to the scan, but we might change that when introducing this new CI variable.

NOTE: This is similar to the existing SEARCH_MAX_DEPTH, but right now this variable isn't documented because A. its name doesn't start with the DS_ prefix and B. it only applies to project detection, and not to the scan itself, which confuses users.

TODO: write full feature proposal using the dedicated issue template

/cc @NicoleSchwartz @gonzoyumo @ifrenkel

Edited by Nicole Schwartz