Upgrade scanner overrides to 14.8.2 (!523) · Merge requests · OSDU Software / OSDU Data Platform / CI-CD Pipelines

David Diederich requested to merge upgrade-scanners-to-14.8.2 into master Mar 01, 2022

With the upgrade to GitLab 14.8.2, the security templates have changed slightly.

In particular, the dependency scanners now extend from an additional job template. This affects our gemnasium-maven-dependency_scanning job, which had an override for the extends key so it could inject its own .ultimate-scanner-maven-config. We now need to include the .cyclone-dx-reports template to preserve the behavior from the GitLab templates.

This is a placeholder in GitLab's scanning, so it isn't critical to operation right now. But, it is worth staying up to date.

Multi Pipeline demonstrating that this works.

Edited Mar 01, 2022 by David Diederich

Upgrade scanner overrides to 14.8.2

Merge request reports