diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-09 03:08:55 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-09 03:08:55 +0300 |
| commit | 9ca5333a1227444383b8e01bf0cb173679e65627 (patch) | |
| tree | 62219df6f97715c8094a63c8da87c7e703c8920c /data | |
| parent | 7db94a9807df03ce7a4f210b513816a47f34e15b (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'data')
| -rw-r--r-- | data/deprecations/15-9-secure-template-changes.yml | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/data/deprecations/15-9-secure-template-changes.yml b/data/deprecations/15-9-secure-template-changes.yml index fa1c8669b37..9129f17b562 100644 --- a/data/deprecations/15-9-secure-template-changes.yml +++ b/data/deprecations/15-9-secure-template-changes.yml @@ -10,10 +10,7 @@ The updates will include improvements already released in the Latest versions of the CI/CD templates. We released these changes in the Latest template versions because they have the potential to disrupt customized CI/CD pipeline configurations. - In all updated templates, we're: - - - Adding support for running scans in merge request (MR) pipelines. - - Updating the definition of variables like `SAST_DISABLED` and `DEPENDENCY_SCANNING_DISABLED` to disable scanning only if the value is `"true"`. Previously, even if the value were `"false"`, scanning would be disabled. + In all updated templates, we're updating the definition of variables like `SAST_DISABLED` and `DEPENDENCY_SCANNING_DISABLED` to disable scanning only if the value is `"true"`. Previously, even if the value were `"false"`, scanning would be disabled. The following templates will be updated: @@ -27,7 +24,7 @@ - SAST: [`SAST.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml) - Secret Detection: [`Secret-Detection.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detction.gitlab-ci.yml) - We recommend that you test your pipelines before the 16.0 release if you use one of the templates listed above and you do any of the following: + We recommend that you test your pipelines before the 16.0 release if you use one of the templates listed above and you use the `_DISABLED` variables but set a value other than `"true"`. - 1. You override `rules` for your security scanning jobs. - 1. You use the `_DISABLED` variables but set a value other than `"true"`. + **Update:** We previously announced that we would update the `rules` on the affected templates to run in [merge request pipelines](https://docs.gitlab.com/ee/ci/pipelines/merge_request_pipelines.html) by default. + However, due to compatibility issues [discussed in the deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/388988#note_1372629948), we will no longer make this change in GitLab 16.0. We will still release the changes to the `_DISABLED` variables as described above. |