Blog Secure Composition Analysis 14.0 deprecations and removals
February 8, 2021
1 min read

Secure Composition Analysis 14.0 deprecations and removals

A review of the deprecations and removals in 14.0 for the Secure Composition Analysis group.

Blog fallback hero

During the 14.0 release there will be both deprecations and removals by the Composition Analysis group, a member of the Secure stage, which is responsible for both the Dependency Scanning and License Compliance features. Please check if you're impacted by these changes and take appropriate action.

Removals for License Compliance

In 13.0 we deprecated the License-Management CI template, and renamed it License-Scanning. We have been providing backwards compatibility by warning users of the old template to switch. In 14.0 we will remove the License-Management CI template. You can read more about this change in issue #216261.

Deprecations for Dependency Scanning

If you only use a subset of our Dependency Scanning analyzers, you will need to change to using DS_EXCLUDED_ANALYZERS in 14.0 when it becomes available and stop using DS_DEFAULT_ANALYZERS. DS_EXCLUDED_ANALYZERS specifically asks what analyzers you wish to skip, rather than the current CI/CD variable DS_DEFAULT_ANALYZERS which you must list every analyzer you want to run. DS_DEFAULT_ANALYZERS did not automatically receive new analyzers added to GitLab, and required users to take action each time an analyzer was made available. You can read more about this change in this issue.

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

New to GitLab and not sure where to start?

Get started guide

Learn about what GitLab can do for your team

Talk to an expert