Secure Composition Analysis 14.0 deprecations and removals

Feb 8, 2021 · 1 min read · Leave a comment
Nicole Schwartz GitLab profile

During the 14.0 release there will be both deprecations and removals by the Composition Analysis group, a member of the Secure stage, which is responsible for both the Dependency Scanning and License Compliance features. Please check if you're impacted by these changes and take appropriate action.

Removals for License Compliance

In 13.0 we deprecated the License-Management CI template, and renamed it License-Scanning. We have been providing backwards compatibility by warning users of the old template to switch. In 14.0 we will remove the License-Management CI template. You can read more about this change in issue #216261.

Deprecations for Dependency Scanning

If you only use a subset of our Dependency Scanning analyzers, you will need to change to using DS_EXCLUDED_ANALYZERS in 14.0 when it becomes available and stop using DS_DEFAULT_ANALYZERS. DS_EXCLUDED_ANALYZERS specifically asks what analyzers you wish to skip, rather than the current CI/CD variable DS_DEFAULT_ANALYZERS which you must list every analyzer you want to run. DS_DEFAULT_ANALYZERS did not automatically receive new analyzers added to GitLab, and required users to take action each time an analyzer was made available. You can read more about this change in this issue.

““”” – Nicole Schwartz

Click to tweet

Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license