1 files changed, 4 insertions, 164 deletions

diff --git a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
index 197ce2438e6..1785d4216e7 100644
--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -1,165 +1,5 @@
-# To contribute improvements to CI/CD templates, please follow the Development guide at:
-# https://docs.gitlab.com/ee/development/cicd/templates.html
-# This specific template is located at:
-# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+# This template moved to Jobs/Dependency-Scanning.gitlab-ci.yml in GitLab 14.8
+# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/292977
 
-# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
-#
-# Configure dependency scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
-# List of available variables: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#available-variables
-
-variables:
-  # Setting this variable will affect all Security templates
-  # (SAST, Dependency Scanning, ...)
-  SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
-  DS_DEFAULT_ANALYZERS: "bundler-audit, retire.js, gemnasium, gemnasium-maven, gemnasium-python"
-  DS_EXCLUDED_ANALYZERS: ""
-  DS_EXCLUDED_PATHS: "spec, test, tests, tmp"
-  DS_MAJOR_VERSION: 2
-
-dependency_scanning:
-  stage: test
-  script:
-    - echo "$CI_JOB_NAME is used for configuration only, and its script should not be executed"
-    - exit 1
-  artifacts:
-    reports:
-      dependency_scanning: gl-dependency-scanning-report.json
-  dependencies: []
-  rules:
-    - when: never
-
-.ds-analyzer:
-  extends: dependency_scanning
-  allow_failure: true
-  # `rules` must be overridden explicitly by each child job
-  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
-  script:
-    - /analyzer run
-
-gemnasium-dependency_scanning:
-  extends: .ds-analyzer
-  image:
-    name: "$DS_ANALYZER_IMAGE"
-  variables:
-    # DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to
-    # override the analyzer image with a custom value. This may be subject to change or
-    # breakage across GitLab releases.
-    DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gemnasium:$DS_MAJOR_VERSION"
-  rules:
-    - if: $DEPENDENCY_SCANNING_DISABLED
-      when: never
-    - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/
-      when: never
-    - if: $CI_COMMIT_BRANCH &&
-          $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
-          $DS_DEFAULT_ANALYZERS =~ /gemnasium([^-]|$)/
-      exists:
-        - '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}'
-        - '{composer.lock,*/composer.lock,*/*/composer.lock}'
-        - '{gems.locked,*/gems.locked,*/*/gems.locked}'
-        - '{go.sum,*/go.sum,*/*/go.sum}'
-        - '{npm-shrinkwrap.json,*/npm-shrinkwrap.json,*/*/npm-shrinkwrap.json}'
-        - '{package-lock.json,*/package-lock.json,*/*/package-lock.json}'
-        - '{yarn.lock,*/yarn.lock,*/*/yarn.lock}'
-        - '{packages.lock.json,*/packages.lock.json,*/*/packages.lock.json}'
-        - '{conan.lock,*/conan.lock,*/*/conan.lock}'
-
-gemnasium-maven-dependency_scanning:
-  extends: .ds-analyzer
-  image:
-    name: "$DS_ANALYZER_IMAGE"
-  variables:
-    # DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to
-    # override the analyzer image with a custom value. This may be subject to change or
-    # breakage across GitLab releases.
-    DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gemnasium-maven:$DS_MAJOR_VERSION"
-    # Stop reporting Gradle as "maven".
-    # See https://gitlab.com/gitlab-org/gitlab/-/issues/338252
-    DS_REPORT_PACKAGE_MANAGER_MAVEN_WHEN_JAVA: "false"
-  rules:
-    - if: $DEPENDENCY_SCANNING_DISABLED
-      when: never
-    - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium-maven/
-      when: never
-    - if: $CI_COMMIT_BRANCH &&
-          $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
-          $DS_DEFAULT_ANALYZERS =~ /gemnasium-maven/
-      exists:
-        - '{build.gradle,*/build.gradle,*/*/build.gradle}'
-        - '{build.gradle.kts,*/build.gradle.kts,*/*/build.gradle.kts}'
-        - '{build.sbt,*/build.sbt,*/*/build.sbt}'
-        - '{pom.xml,*/pom.xml,*/*/pom.xml}'
-
-gemnasium-python-dependency_scanning:
-  extends: .ds-analyzer
-  image:
-    name: "$DS_ANALYZER_IMAGE"
-  variables:
-    # DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to
-    # override the analyzer image with a custom value. This may be subject to change or
-    # breakage across GitLab releases.
-    DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gemnasium-python:$DS_MAJOR_VERSION"
-    # Stop reporting Pipenv and Setuptools as "pip".
-    # See https://gitlab.com/gitlab-org/gitlab/-/issues/338252
-    DS_REPORT_PACKAGE_MANAGER_PIP_WHEN_PYTHON: "false"
-  rules:
-    - if: $DEPENDENCY_SCANNING_DISABLED
-      when: never
-    - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/
-      when: never
-    - if: $CI_COMMIT_BRANCH &&
-          $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
-          $DS_DEFAULT_ANALYZERS =~ /gemnasium-python/
-      exists:
-        - '{requirements.txt,*/requirements.txt,*/*/requirements.txt}'
-        - '{requirements.pip,*/requirements.pip,*/*/requirements.pip}'
-        - '{Pipfile,*/Pipfile,*/*/Pipfile}'
-        - '{requires.txt,*/requires.txt,*/*/requires.txt}'
-        - '{setup.py,*/setup.py,*/*/setup.py}'
-        # Support passing of $PIP_REQUIREMENTS_FILE
-        # See https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuring-specific-analyzers-used-by-dependency-scanning
-    - if: $CI_COMMIT_BRANCH &&
-          $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
-          $DS_DEFAULT_ANALYZERS =~ /gemnasium-python/ &&
-          $PIP_REQUIREMENTS_FILE
-
-bundler-audit-dependency_scanning:
-  extends: .ds-analyzer
-  image:
-    name: "$DS_ANALYZER_IMAGE"
-  variables:
-    # DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to
-    # override the analyzer image with a custom value. This may be subject to change or
-    # breakage across GitLab releases.
-    DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/bundler-audit:$DS_MAJOR_VERSION"
-  rules:
-    - if: $DEPENDENCY_SCANNING_DISABLED
-      when: never
-    - if: $DS_EXCLUDED_ANALYZERS =~ /bundler-audit/
-      when: never
-    - if: $CI_COMMIT_BRANCH &&
-          $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
-          $DS_DEFAULT_ANALYZERS =~ /bundler-audit/
-      exists:
-        - '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}'
-
-retire-js-dependency_scanning:
-  extends: .ds-analyzer
-  image:
-    name: "$DS_ANALYZER_IMAGE"
-  variables:
-    # DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to
-    # override the analyzer image with a custom value. This may be subject to change or
-    # breakage across GitLab releases.
-    DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/retire.js:$DS_MAJOR_VERSION"
-  rules:
-    - if: $DEPENDENCY_SCANNING_DISABLED
-      when: never
-    - if: $DS_EXCLUDED_ANALYZERS =~ /retire.js/
-      when: never
-    - if: $CI_COMMIT_BRANCH &&
-          $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
-          $DS_DEFAULT_ANALYZERS =~ /retire.js/
-      exists:
-        - '{package.json,*/package.json,*/*/package.json}'
+include:
+  template: Jobs/Dependency-Scanning.gitlab-ci.yml