diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-20 02:18:09 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-20 02:18:09 +0300 |
| commit | 6ed4ec3e0b1340f96b7c043ef51d1b33bbe85fde (patch) | |
| tree | dc4d20fe6064752c0bd323187252c77e0a89144b /data/removals/15_4/15-4-sast-analyzer-consolidation.yml | |
| parent | 9868dae7fc0655bd7ce4a6887d4e6d487690eeed (diff) | |
Add latest changes from gitlab-org/gitlab@15-4-stable-eev15.4.0-rc42
Diffstat (limited to 'data/removals/15_4/15-4-sast-analyzer-consolidation.yml')
| -rw-r--r-- | data/removals/15_4/15-4-sast-analyzer-consolidation.yml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/data/removals/15_4/15-4-sast-analyzer-consolidation.yml b/data/removals/15_4/15-4-sast-analyzer-consolidation.yml new file mode 100644 index 00000000000..825fb2b4bfc --- /dev/null +++ b/data/removals/15_4/15-4-sast-analyzer-consolidation.yml @@ -0,0 +1,30 @@ +- name: "SAST analyzer consolidation and CI/CD template changes" + announcement_milestone: "14.8" + announcement_date: "2022-02-22" + removal_milestone: "15.4" + removal_date: "2022-09-22" + breaking_change: true + reporter: connorgilbert + stage: Secure + issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352554 + body: | # (required) Do not modify this line, instead modify the lines below. + We have replaced the GitLab SAST [analyzers](https://docs.gitlab.com/ee/user/application_security/sast/analyzers/) for certain languages in GitLab 15.4 as part of our long-term strategy to deliver a more consistent user experience, faster scan times, and reduced CI minute usage. + + Starting from GitLab 15.4, the [GitLab-managed SAST CI/CD template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml) uses [Semgrep-based scanning](https://docs.gitlab.com/ee/user/application_security/sast/analyzers.html#transition-to-semgrep-based-scanning) instead of the following analyzers: + + - [ESLint](https://gitlab.com/gitlab-org/security-products/analyzers/eslint) for JavaScript, TypeScript, React + - [Gosec](https://gitlab.com/gitlab-org/security-products/analyzers/gosec) for Go + - [Bandit](https://gitlab.com/gitlab-org/security-products/analyzers/bandit) for Python + - [SpotBugs](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs) for Java + + We will no longer make any updates to the ESLint-, Gosec-, and Bandit-based analyzers. + The SpotBugs-based analyzer will continue to be used for Groovy, Kotlin, and Scala scanning. + + We won't delete container images previously published for these analyzers, so older versions of the CI/CD template will continue to work. + + If you changed the default GitLab SAST configuration, you may need to update your configuration as detailed in the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/352554#actions-required). +# The following items are not published on the docs page, but may be used in the future. + tiers: [Free, Silver, Gold, Core, Premium, Ultimate] + documentation_url: https://docs.gitlab.com/ee/user/application_security/sast/analyzers.html#transition-to-semgrep-based-scanning # (optional) This is a link to the current documentation page + image_url: # (optional) This is a link to a thumbnail image depicting the feature + video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg |