Change depscore container image namespace
What does this MR do?
The Depscore project is migrated from https://gitlab.com/gitlab-com/gl-security/appsec/tooling/depscore to https://gitlab.com/gitlab-com/gl-security/product-security/appsec/tooling/depscore. As a result, DEPENDENCY_REVIEW_BOT_CI_REG is updated so that the container image from the new name will be used in the ping-appsec-for-dependency-review: CI job.
Also, this ping-appsec-for-dependency-review: CI job depends on the CI variable DEPENDENCY_REVIEW_PAT, which had the project token of https://gitlab.com/gitlab-com/gl-security/appsec/tooling/depscore. This needs to be updated with the project token of https://gitlab.com/gitlab-com/gl-security/product-security/appsec/tooling/depscore, which can be found at 1Password > GitLab-QA > Dependency Review Automation.
Related issues
https://gitlab.com/gitlab-com/gl-security/product-security/appsec/appsec-team/-/issues/618
Checklist
Pre-merge
Consider the effect of the changes in this merge request on the following:
- Different pipeline types
- Non-canonical projects:
  - gitlab-foss
  - security
  - dev
  - personal forks
- Pipeline performance
If new jobs are added:
- Change-related rules (e.g. frontend/backend/database file changes): _____
- Frequency they are running (MRs, main branch, nightly, bi-hourly): _____
- Add a duration chart to https://app.periscopedata.com/app/gitlab/652085/Engineering-Productivity---Pipeline-Build-Durations if there are new jobs added to merge request pipelines
This will help keep track of expected cost increases to the GitLab project average pipeline cost per merge request RPI
Post-merge
- Consider communicating these changes to the broader team following the communication guideline for pipeline changes