Published on December 6, 2018
Make sure you upgrade GitLab Runner to 11.5+ to continue using SAST in Auto DevOps.
We are introducing a major change for the SAST job definition for Auto DevOps with GitLab 11.6, shipping Dec. 22. As a result, SAST jobs will fail after the upgrade to GitLab 11.6 if they are picked up by a version of GitLab Runner prior to 11.5. The jobs will fail, but they will not block pipelines. However, you won't see results for SAST in the merge request or at the pipeline level anymore.
The same change will happen for Dependency Scanning, Container Scanning, DAST, and License Management in future releases.
The new job definition uses the reports syntax, which is necessary to show SAST results in the Group Security Dashboard.
Unfortunately, this syntax is not supported by GitLab Runner prior to 11.5.
You are affected by this change if you meet all the requirements in the following list:
You are not affected by this change if you meet at least one of the requirements in the following list:
If you are not affected by the change, you don't need to take any action.
If you are affected, you should upgrade your GitLab Runners to version 11.5 or newer as soon as possible. If you don't, you will not have new SAST reports until you do upgrade. If you upgrade your runners later, SAST will start to work again correctly.
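Because the failing SAST jobs do not block pipelines, outdated runners are easy to miss, so it helps to check versions directly. The script below is an added example, not GitLab's own tooling: it assumes the `Version:` line printed by `gitlab-runner --version`, and the runner names and inventory format are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag GitLab Runner versions older than 11.5, the minimum
# the page gives for the `reports` syntax.

# Constructed sample of `gitlab-runner --version` output (assumed format).
SAMPLE_VERSION_OUTPUT='Version:      11.4.2
Git branch:   11-4-stable'

# Constructed inventory: one "<runner-name> <version>" pair per line.
SAMPLE_INVENTORY='build-01 11.4.2
build-02 11.5.0
build-03 v11.6.0-rc1
build-04 10.8.0
build-05 unknown'

# Print the version number from `gitlab-runner --version` output on stdin.
runner_version() {
  awk '/^Version:/ { print $2; exit }'
}

# Return 0 if version >= 11.5, 1 if older, 2 if it cannot be parsed.
supports_reports() {
  local v major minor
  v="${1#v}"      # tolerate a leading "v"
  v="${v%%-*}"    # drop suffixes such as "-rc1"
  case "$v" in *.*) ;; *) return 2 ;; esac
  major="${v%%.*}"
  minor="${v#*.}"
  minor="${minor%%.*}"
  case "$major" in ''|*[!0-9]*) return 2 ;; esac
  case "$minor" in ''|*[!0-9]*) return 2 ;; esac
  [ "$major" -gt 11 ] && return 0
  [ "$major" -eq 11 ] && [ "$minor" -ge 5 ] && return 0
  return 1
}

# Read an inventory on stdin and print every runner that is not confirmed
# to be 11.5 or newer. Unparseable versions are listed too (fail closed).
audit_runners() {
  local name version
  while read -r name version; do
    [ -n "$name" ] || continue
    supports_reports "$version" && continue
    printf '%s %s\n' "$name" "$version"
  done
}

printf '%s\n' "$SAMPLE_INVENTORY" | audit_runners
```

On a runner host, `gitlab-runner --version | runner_version` yields the value to pass to `supports_reports`.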
GitLab 11.6 will be released on Dec. 22. This change may also be shipped in an early release candidate (RC) version.
If you are using a self-managed GitLab instance and you don't install RC versions, you will be affected when you upgrade to GitLab 11.6.
If you are using GitLab.com, you will be affected as soon as the RC version with the change is deployed.
Feel free to reach out to us with any further questions!