
Draft: feat: Search for more than one python dependency files

Note: blocked by !200 (closed)

Good day! I was not sure if this change deserves its own ticket, please advise if so. The change seems very small but has some upsides for monorepos. After using gemnasium (and Dependency Scanning) with much delight over the last few years I've finally found a use-case that I can contribute 👏🏻 Thank you for allowing me the opportunity.

What does this MR do?

Changes the SearchMode for finding python requirements files from SearchSingleDir to SearchAll.

Why?

In the case where a repository has more than 1 python requirements file we would make Dependency Scanning more effective by going through all of them instead of only the first one.

Why would a repository have more than 1 python requirements file?

Monorepos that hold several Python projects may have several requirements files, and even use different dependency managers in the same repository.

What is the impact of this change?

As far as I can tell the impact can be considered very small. Repositories with a single requirements file will still be analysed. It may make dependency scanning a little slower for the currently supported case since this change means we do not exit early when traversing the source tree. I would be surprised if such performance considerations are necessary.

What are the relevant issue numbers?

gitlab-org/gitlab#332558

Does this MR meet the acceptance criteria?

Please advise on these

Edited by Tetiana Chupryna
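The two search modes the MR contrasts, shown as an added Go illustration that is not gemnasium's own code: the SearchSingleDir/SearchAll semantics (stop after the first directory that yields a match versus collect every match), the set of file names looked for, and the in-memory monorepo tree are all assumptions made for this example.

```go
package main

import (
	"io/fs"
	"path"
	"testing/fstest"
)
// SearchMode names the two behaviours the MR contrasts; semantics are assumed for illustration.
type SearchMode int
const (
	SearchSingleDir SearchMode = iota // stop once one directory has yielded a match
	SearchAll                         // walk the whole tree and collect every match
)
var pythonDepFiles = map[string]bool{"requirements.txt": true, "Pipfile": true, "pyproject.toml": true} // assumed names

// FindPythonDependencyFiles walks fsys and returns matching paths in walk (lexical) order.
func FindPythonDependencyFiles(fsys fs.FS, mode SearchMode) ([]string, error) {
	var found []string
	matchedDir := "" // directory of the first match (SearchSingleDir only)
	err := fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		outside := mode == SearchSingleDir && matchedDir != "" && path.Dir(p) != matchedDir
		if d.IsDir() {
			if outside {
				return fs.SkipDir // early exit: single-dir mode never enters another directory
			}
			return nil
		}
		if outside || !pythonDepFiles[d.Name()] {
			return nil
		}
		if mode == SearchSingleDir {
			matchedDir = path.Dir(p)
		}
		found = append(found, p)
		return nil
	})
	return found, err
}
// SampleMonorepo is a constructed in-memory tree: three Python projects, each with a different dependency manager.
func SampleMonorepo() fs.FS {
	return fstest.MapFS{
		"services/api/requirements.txt": {Data: []byte("flask==2.0.1\n")},
		"services/worker/Pipfile":       {Data: []byte("[packages]\ncelery = \"*\"\n")},
		"tools/lint/pyproject.toml":     {Data: []byte("[project]\nname = \"lint\"\n")},
	}
}
```

Run against SampleMonorepo, SearchSingleDir returns only services/api/requirements.txt while SearchAll returns all three files, which is the difference the MR is after.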
