Add the global var SECURE_ANALYZERS_PREFIX
What does this MR do?
Add the global var SECURE_ANALYZERS_PREFIX
This variable helps to set up all Security Products with a single variable. It has numerous advantages over the previous version:
- The var can be set up in .gitlab-ci.yml or in the UI
  - That means users can define it at the group level directly if needed
- It flattens the paths used (sometimes it was with /analyzers/, sometimes not)
- A single variable can now define all the base paths at once
This change is especially useful for air-gapped environments, where all the images are generally duplicated locally. Having different prefixes is creating a lot of plumbing just to get started.
If users store these images locally, instead of pulling them every time from registry.gitlab.com, they will maybe see a performance boost when downloading them. It will also lower the load on our servers.
Note that registry.gitlab.com/gitlab-org/security-products/bundle has been created along with this Merge Request.
refs #209258 (closed) and #209846 (closed)
Screenshots
N/A
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- [-] Code review guidelines
- [-] Merge request performance guidelines
- [-] Style guides
- [-] Database guides
- [-] Separation of EE specific content
Availability and Testing
- [-] Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Test MRs without SECURE_ANALYZERS_PREFIX set
- DAST: gitlab-org/security-products/tests/dast-e2e!3 (closed)
- DS, SAST, LM: gitlab-org/security-products/tests/python-pip!82 (closed)
- DS, SAST, LM non-dind: gitlab-org/security-products/tests/python-pip!83 (closed)
- DS, LM: gitlab-org/security-products/tests/ruby-bundler!85 (closed)
- DS, LM non-dind: gitlab-org/security-products/tests/ruby-bundler!86 (closed)
- CS: gitlab-org/security-products/tests/container-scanning!11 (closed)
Test MRs with SECURE_ANALYZERS_PREFIX
Same MRs as above, but using images bundled in https://gitlab.com/gitlab-org/security-products/bundle (using the Secure-Binaries.gitlab-ci.yml template):
- DAST: gitlab-org/security-products/tests/dast-e2e!5 (closed)
- DS, SAST, LM: gitlab-org/security-products/tests/python-pip!87 (closed)
- DS, LM: gitlab-org/security-products/tests/ruby-bundler!89 (closed)
- CS: gitlab-org/security-products/tests/container-scanning!12 (closed)
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention @gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Related Links:
Release Post Deprecation gitlab-com/www-gitlab-com!49202 (merged)
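
A check an air-gapped deployment could run over its job images, as an added example that is not part of this MR or of GitLab's templates: it expands SECURE_ANALYZERS_PREFIX in each image string and reports every job that would still pull from outside the prefix. The job names, image names, tags and the registry.example.internal host are constructed for illustration.

```python
import re

# Constructed sample: job name -> image string as a CI config might declare it.
# Image names and tags are illustrative, not taken from the MR.
SAMPLE_JOB_IMAGES = {
    "sast": "$SECURE_ANALYZERS_PREFIX/sast:2",
    "dependency_scanning": "${SECURE_ANALYZERS_PREFIX}/dependency-scanning:2",
    "legacy_job": "registry.gitlab.com/gitlab-org/security-products/dast:1",
    "helper": "alpine:3.11",
}

_VAR = re.compile(r"\$(?:\{(\w+)\}|(\w+))")


def expand(image, variables):
    """Expand $VAR and ${VAR}; unknown variables are left untouched."""
    def repl(match):
        name = match.group(1) or match.group(2)
        return variables.get(name, match.group(0))
    return _VAR.sub(repl, image)


def registry_host(image):
    """Registry host of an image reference. The first path component is a
    host only if it contains '.' or ':' or is 'localhost'; otherwise the
    image is pulled from docker.io."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def images_outside_prefix(job_images, prefix):
    """Return {job: (resolved_image, registry_host)} for every job whose
    image does not resolve under the SECURE_ANALYZERS_PREFIX value."""
    variables = {"SECURE_ANALYZERS_PREFIX": prefix}
    base = prefix.rstrip("/") + "/"
    offenders = {}
    for job, image in job_images.items():
        resolved = expand(image, variables)
        if not resolved.startswith(base):
            offenders[job] = (resolved, registry_host(resolved))
    return offenders


if __name__ == "__main__":
    local = "registry.example.internal:5000/security-products"
    for job, (image, host) in images_outside_prefix(SAMPLE_JOB_IMAGES, local).items():
        print(f"{job}: {image} pulls from {host}, outside {local}")
```
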