Investigate GitLab Scanners for Performance
The Gemnasium dependency scanner and the SpotBugs SAST scanner are currently among the longest-running parts of the CI/CD pipeline. It would be helpful to know whether there are configuration parameters that can improve their performance, and what effect changing them would have on the quality of the results.
Some initial areas to investigate:
- Make sure the build artifacts and the Maven cache are being passed down to the scanner jobs, so that these elements are not regenerated.
- GitLab scanners seem to have a configuration for the most intense scanning built into their analyzers. Perhaps we could fork their projects to change these settings?
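
A starting point for the first item, as an added sketch that is not taken from this project's pipeline: the scanner jobs pull a shared Maven repository cache and SpotBugs reuses the classes already compiled by the build job. The `build` job, its image, the cache key and the `.m2/repository` location are assumptions; `MAVEN_REPO_PATH`, `COMPILE` and `MAVEN_CLI_OPTS` are the analyzers' documented variables.

```yaml
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml

# Shared cache definition (assumed key and path), reused below via a YAML anchor.
.maven-cache: &maven_cache
  key: maven-$CI_COMMIT_REF_SLUG
  paths:
    - .m2/repository

build:                                  # assumed job name
  stage: build
  image: maven:3-eclipse-temurin-17     # assumed image
  cache:
    <<: *maven_cache
    policy: pull-push                   # only this job writes the cache
  script:
    - mvn --batch-mode -DskipTests package -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository
  artifacts:
    paths:
      - target/                         # compiled classes for SpotBugs
    expire_in: 1 hour

spotbugs-sast:
  dependencies:
    - build                             # fetch target/ from the build job
  cache:
    <<: *maven_cache
    policy: pull                        # read-only: never re-upload from a scanner
  variables:
    MAVEN_REPO_PATH: $CI_PROJECT_DIR/.m2/repository
    COMPILE: "false"                    # analyse the pre-built classes, skip recompiling

gemnasium-maven-dependency_scanning:
  cache:
    <<: *maven_cache
    policy: pull
  variables:
    # Default options plus the cached repository location.
    MAVEN_CLI_OPTS: "-DskipTests --batch-mode -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository"
```

Comparing the job durations and the `gl-sast-report.json` and dependency scanning reports before and after this change shows whether the results stay the same while the time drops.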