Update GitLab Ultimate Scanner Configuration
This has three related, but distinct, parts.
Pin the SpotBugs SAST Scanner to the previous version
Version 2.28.6 does not work with Java. The error message says "Out of Memory", but it isn't really memory -- a simple java -version
fails with the same errors. Others have encountered this as well. I found that changing the version of glibc fixed it; but rather than support a separate docker image with that one change alone, I configured it to use the entire previous version.
Update gemnasium to use the latest version
Previously, we had a custom version of gemnasium to do dependency scanning, since the GitLab version only used Java 11. Ours was built on Java 8, instead. The newest GitLab containers support selection of the JVM via an environment variable; so I used that with Java 8. This will pick up any improvements to gemnasium over the last year or so.
Added debug output all the time
If this ends up causing really slow pipelines, we can turn it off again, but I think it is useful to have this for when these stages fail.