During the 14.0 release there will be both deprecations and removals by the Composition Analysis group, a member of the Secure stage, which is responsible for both the Dependency Scanning and License Compliance features. Please check if you're impacted by these changes and take appropriate action.
Removals for License Compliance
In 13.0 we deprecated the License-Management CI template, and renamed it License-Scanning. We have been providing backwards compatibility by warning users of the old template to switch. In 14.0 we will remove the License-Management CI template. You can read more about this change in issue #216261.
Deprecations for Dependency Scanning
If you only use a subset of our Dependency Scanning analyzers, you will need to change to using
DS_EXCLUDED_ANALYZERS in 14.0 when it becomes available and stop using
DS_EXCLUDED_ANALYZERS specifically asks what analyzers you wish to skip, rather than the current CI/CD variable
DS_DEFAULT_ANALYZERS which you must list every analyzer you want to run.
DS_DEFAULT_ANALYZERS did not automatically receive new analyzers added to GitLab, and required users to take action each time an analyzer was made available. You can read more about this change in this issue.
““”” – Nicole Schwartz
Click to tweet