Add jobs template for Dependency Scanning and License Scanning

What does this MR do and why?

  • Point Security/Dependency-Scanning.gitlab-ci.yml to newly added Jobs/Dependency-Scanning.gitlab-ci.yml
  • Point Security/License-Scanning.gitlab-ci.yml to newly added Jobs/License-Scanning.gitlab-ci.yml

Notes:

  • We keep the Security reference in the AutoDevOps template and don't change it.
  • We don't change references in the documentation

WHY

TL;DR: it brings us closer to migrating out of the Security subdir to align with the rest of the company, and makes it a bit cleaner for people to include our features from the UI (at least until something like #24939 (closed) gets prioritized). The latter is the main reason why Static Analysis did the move earlier, as they were pushing for configuring SAST in core. This is well explained in #292977 (closed). I'm not a very big fan of the approach, but it is a boring solution until we have a proper way to correctly compose a GitLab CI file from the UI.

See #27825 (closed) for more context.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Olivier Gonzalez
