Require dependency scanning feature to run (!64) · Merge requests · GitLab.org / security-products / analyzers / Dependency Scanning

Oscar Tovar requested to merge add-feature-check into main Oct 09, 2024

What does this MR do and why?

The dependency scanning feature set is only available for Ultimate customers. To conform with this, the analyzer will now exit with an error if the dependency scanning feature has not been enabled for the project running the analyzer in a pipeline.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

You can see in this temp job that the dependency_scanning feature is automatically set for Ultimate projects. The tests show that this line isn't hit, but that's only because we're running the binary directly, and not the function in a test. You can see that we do test both scenarios in the e2e_test.go file.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Run the analyzer on a project that does not have Ultimate.

Edited Oct 11, 2024 by Oscar Tovar

Require dependency scanning feature to run

What does this MR do and why?

Related issues

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports