FAQ | This is a LIVE service | Changelog

Skip to content

Use new dependency scanner in mandatory jobs

In GitLab's docs they say:

You should use the new Dependency Scanning analyzer. For details, see Enabling the analyzer. If instead you use the (deprecated) Gemnasium analyzer, refer to the enablement instructions for the legacy Dependency Scanning feature.

In order to use the new dependency scanner we need to:

  • Change the Jobs/Dependency-Scanning.gitlab-ci.yml reference in mandatory-jobs.gitlab-ci.yml to Jobs/Dependency-Scanning-latest.gitlab.ci.yml.
  • Set the DS_ENFORCE_NEW_ANALYZER CI variable to true.
  • Update the pipeline execution policy to allow overriding DS_ENFORCE_NEW_ANALYZER if necessary.