During the 14.0 release there will be both deprecations and removals by the Composition Analysis group, a member of the Secure stage, which is responsible for both the Dependency Scanning and License Compliance features. Please check if you're impacted by these changes and take appropriate action.

Removals for License Compliance

In 13.0 we deprecated the License-Management CI template, and renamed it License-Scanning. We have been providing backwards compatibility by warning users of the old template to switch. In 14.0 we will remove the License-Management CI template. You can read more about this change in issue #216261.

Deprecations for Dependency Scanning

If you only use a subset of our Dependency Scanning analyzers, you will need to change to using DS_EXCLUDED_ANALYZERS in 14.0 when it becomes available and stop using DS_DEFAULT_ANALYZERS. DS_EXCLUDED_ANALYZERS specifically asks what analyzers you wish to skip, rather than the current CI/CD variable DS_DEFAULT_ANALYZERS which you must list every analyzer you want to run. DS_DEFAULT_ANALYZERS did not automatically receive new analyzers added to GitLab, and required users to take action each time an analyzer was made available. You can read more about this change in this issue.

Try all GitLab features - free for 30 days

GitLab is more than just source code management or CI/CD. It is a full software development lifecycle & DevOps tool in a single application.

Try GitLab Free
Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license

Try the GitLab DevOps Platform for free for 30 days

Achieve higher productivity, faster and secure deployments

Start your free trial Maybe later