Remove flag that enables CVS GA
What does this MR do and why?
Remove the global_dependency_scanning_on_advisory_ingestion
flag.
As a result, Continuous Vulnerability Scanning (CVS)
for Dependency Scanning always runs globally,
and the opt-in behavior introduced when the feature
was experimental is no longer available.
global_dependency_scanning_on_advisory_ingestion
isn't documented,
so the documentation doesn't need to be changed.
The DB column continuous_vulnerability_scans_enabled
can be removed from the project_security_settings
table,
but this is going to be handled in a follow-up MR.
Screenshots or screen recordings
How to set up and validate locally
- Go through the demo instructions.
- Check the security settings. There should no longer be a toggle for CVS under the DS section.
- Look for vulnerabilities created by CVS DS in the vulnerability report page.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #427425 (closed)
Edited by Fabien Catteau