author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-22 12:08:28 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-22 12:08:28 +0300 |
commit | 56865fdf95db03cc0ccd01a88d9457ba0a050153 (patch) | |
tree | cfa861e4b33f65c4fff2486b04abfe1127ee80f4 /data/deprecations/16-9-dependency-scanning-incorrect-sbom-medatada.yml | |
parent | 65d7736ff13e1f5c393f6723b7da0d1b2ddb94f5 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'data/deprecations/16-9-dependency-scanning-incorrect-sbom-medatada.yml')
-rw-r--r-- | data/deprecations/16-9-dependency-scanning-incorrect-sbom-medatada.yml | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/data/deprecations/16-9-dependency-scanning-incorrect-sbom-medatada.yml b/data/deprecations/16-9-dependency-scanning-incorrect-sbom-medatada.yml
new file mode 100644
index 00000000000..2c562febac1
--- /dev/null
+++ b/data/deprecations/16-9-dependency-scanning-incorrect-sbom-medatada.yml
@@ -0,0 +1,20 @@
+- title: "Dependency Scanning incorrect SBOM metadata properties"
+ removal_milestone: "17.0"
+ announcement_milestone: "16.9"
+ breaking_change: true
+ reporter: gonzoyumo
+ stage: Secure
+ issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/438779
+ body: | # (required) Don't change this line.
+ GitLab 17.0 removes support for the following metadata properties in CycloneDX SBOM reports:
+
+ - `gitlab:dependency_scanning:input_file`
+ - `gitlab:dependency_scanning:package_manager`
+
+ These were added in GitLab 15.7 to the SBOM produced by Dependency Scanning. However, these properties were incorrect and didn't align with the [GitLab CycloneDX property taxonomy](https://docs.gitlab.com/ee/development/sec/cyclonedx_property_taxonomy.html).
+ The following correct properties were added in GitLab 15.11 to address this:
+
+ - `gitlab:dependency_scanning:input_file:path`
+ - `gitlab:dependency_scanning:package_manager:name`
+
+ The incorrect properties were kept for backward compatibility. They are now deprecated and will be removed in 17.0. |