
Propagate gemnasium db variables

Can Eldem requested to merge patch-54 into master

What does this MR do?

We introduced an air-gapping feature to our analysers. Instead of connecting to the server, we download the advisory db and check vulnerabilities from there. This MR propagates variables to the gemnasium analyzer for users to configure a local advisory db.

These variables are sent to the https://gitlab.com/gitlab-org/security-products/dependency-scanning container, which is the orchestrator. The dependency scanning container just checks files and spins up other containers like gemnasium-python (if the project we are scanning is a Python project). One of the containers that we spin up, https://gitlab.com/gitlab-org/security-products/gemnasium, needs these variables to use the local vulnerability database.

Related issue

#39416 (closed)

Documentation MR

!22670 (merged)

Does this MR meet the acceptance criteria?

Variable tested; in the following pipeline log you can see it's using the pointed-out repository with branch (line 196).

https://gitlab.com/gitlab-org/security-products/tests/ruby-bundler/-/jobs/397086257#L196

Conformity
