Enable dependency scanning

Lucas Charles requested to merge enable-dependency-scanning-whl into master

Enables dependency scanning using pre-compile strategy for leveraging the build stage.

NOTE: the pre-compile strategy MUST be used in this case as relying on the gemnasium-python's dependency installation will fail due to Pillow's missing requirement for zlib. I tested by removing Pillow and the remaining C-extension (regex) still builds successfully.

Adding WIP label until gitlab-org/security-products/analyzers/gemnasium-python!11 (merged) is merged and the explicit need for DS_ANALYZER_IMAGE_TAG can be dropped.

❯ cat qa/expect/gl-dependency-scanning-report.json | jq '.vulnerabilities | map(.cve)'
[
  "requirements.txt:Django:gemnasium:6162a015-8635-4a15-8d7c-dc9321db366f",
  "requirements.txt:Django:gemnasium:94f5e552-ad49-49c7-bd9f-8857bba2354b",
  "requirements.txt:Django:gemnasium:aa6b0729-ecca-4f48-8ea0-b364044c09cc",
  "requirements.txt:Pillow:gemnasium:96957bc4-9d00-4a2f-b179-24d79eb24631",
  "requirements.txt:Pillow:gemnasium:ab754212-345b-403a-8e1c-c5ec66ba0faf"
]
Edited by 🤖 GitLab Bot 🤖
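The five entries in the jq output above show that, in this report version, the `.cve` field is not a CVE number but a composite key of the form `<file>:<package>:<scanner>:<advisory-id>`. The Python script below is an added example, not code from this MR or from gemnasium-python: it parses those keys, groups the gemnasium advisory ids per package, cross-checks the package named in the key against the report's `location` block, and diffs the reported set against the keys the `qa/expect` fixture lists, which is the comparison a QA step on this report needs. The sample report is constructed inline from the five keys quoted above; the `location` field layout (`location.dependency.package.name`) is an assumption for illustration.

```python
import json
from collections import defaultdict

# The five keys quoted in the MR description; they double as the expected set.
REPORTED_KEYS = [
    "requirements.txt:Django:gemnasium:6162a015-8635-4a15-8d7c-dc9321db366f",
    "requirements.txt:Django:gemnasium:94f5e552-ad49-49c7-bd9f-8857bba2354b",
    "requirements.txt:Django:gemnasium:aa6b0729-ecca-4f48-8ea0-b364044c09cc",
    "requirements.txt:Pillow:gemnasium:96957bc4-9d00-4a2f-b179-24d79eb24631",
    "requirements.txt:Pillow:gemnasium:ab754212-345b-403a-8e1c-c5ec66ba0faf",
]


def parse_cve_key(key):
    """Split a gemnasium 'cve' key into (file, package, scanner, advisory_id).

    The key is 'path:package:scanner:advisory'. Splitting from the right keeps a
    path that itself contains ':' intact, because the other three fields never
    contain one (assumption: PyPI package names and UUID advisory ids).
    """
    parts = key.rsplit(":", 3)
    if len(parts) != 4:
        raise ValueError(f"unexpected cve key format: {key!r}")
    return tuple(parts)


def _constructed_entry(key):
    # Constructed report entry: only the fields this script reads. The
    # location layout is assumed, not copied from a real report.
    path, package, _scanner, _advisory = parse_cve_key(key)
    return {
        "cve": key,
        "location": {"file": path, "dependency": {"package": {"name": package}}},
    }


# Constructed stand-in for gl-dependency-scanning-report.json.
SAMPLE_REPORT = json.dumps(
    {"vulnerabilities": [_constructed_entry(k) for k in REPORTED_KEYS]}
)


def advisories_by_package(report_text):
    """Map package name -> sorted advisory ids.

    Also verifies that the package named inside the cve key agrees with
    location.dependency.package.name, so a malformed key is caught early.
    """
    report = json.loads(report_text)
    grouped = defaultdict(set)
    for vuln in report["vulnerabilities"]:
        _path, package, _scanner, advisory = parse_cve_key(vuln["cve"])
        located = vuln["location"]["dependency"]["package"]["name"]
        if located != package:
            raise ValueError(
                f"cve key names {package!r} but location names {located!r}"
            )
        grouped[package].add(advisory)
    return {pkg: sorted(ids) for pkg, ids in grouped.items()}


def diff_against_expected(report_text, expected_keys):
    """Return (missing, unexpected) as sorted lists.

    'missing' are keys the expectation lists but the report lacks; 'unexpected'
    are keys the report has that the expectation does not. Both empty means
    the scan reproduced the fixture exactly.
    """
    actual = {v["cve"] for v in json.loads(report_text)["vulnerabilities"]}
    expected = set(expected_keys)
    return sorted(expected - actual), sorted(actual - expected)


if __name__ == "__main__":
    print(json.dumps(advisories_by_package(SAMPLE_REPORT), indent=2))
    print(diff_against_expected(SAMPLE_REPORT, REPORTED_KEYS))
```

To run it against a real report, replace `SAMPLE_REPORT` with the contents of `gl-dependency-scanning-report.json` and `REPORTED_KEYS` with the keys from the `qa/expect` copy; any non-empty `unexpected` list is the signal that the analyzer found something the fixture does not yet record.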
