Create python-setuptools test project
Problem to solve
As discussed here, we don't currently have a secure test project for the python-setuptools
package manager. The purpose of this issue is to create one.
Implementation plan
1. Create a new test project named python-setuptools.
2. Create a dependency file in this new test project for the version of setuptools pre-installed in gemnasium, which is currently 50.3.2.
3. Add a new python-setuptools directory to gemnasium-python/qa/expect.
4. Create a gl-dependency-scanning-report.json expected dependency file in the gemnasium-python/qa/expect/python-setuptools directory created in step 3.
5. Add a new downstream QA test in gemnasium-python to analyze the new python-setuptools test project created in step 1 and compare the results to the expected dependency report added in step 4.
6. Update the "Tested Versions" entry for Setuptools in the "Obtaining dependency information by parsing lockfiles" table in the Dependency Scanning documentation to show that 50.x of setuptools is supported.
User experience goal
Improved testing for Python dependency scanning
Documentation
Dependency Scanning documentation will be updated as part of this issue.
Availability & Testing
A new test project will be added as part of this issue
What does success look like, and how can we measure that?
A new test project is added to confirm that setuptools >= 50.x is supported
What is the type of buyer?
Enterprise Edition GitLab Ultimate
Is this a cross-stage feature?
No, this only affects ~"Category:Dependency Scanning"
/cc @NicoleSchwartz @gonzoyumo @fcatteau