BlogUnfilteredSecure Composition Analysis 14.0 deprecations and removals

Published on: February 8, 2021

1 min read

Secure Composition Analysis 14.0 deprecations and removals

A review of the deprecations and removals in 14.0 for the Secure Composition Analysis group.

Nicole Schwartz

features

security

During the 14.0 release there will be both deprecations and removals by the Composition Analysis group, a member of the Secure stage, which is responsible for both the Dependency Scanning and License Compliance features. Please check if you're impacted by these changes and take appropriate action.

Removals for License Compliance

In 13.0 we deprecated the License-Management CI template, and renamed it License-Scanning. We have been providing backwards compatibility by warning users of the old template to switch. In 14.0 we will remove the License-Management CI template. You can read more about this change in issue #216261.

Deprecations for Dependency Scanning

If you only use a subset of our Dependency Scanning analyzers, you will need to change to using DS_EXCLUDED_ANALYZERS in 14.0 when it becomes available and stop using DS_DEFAULT_ANALYZERS. DS_EXCLUDED_ANALYZERS specifically asks what analyzers you wish to skip, rather than the current CI/CD variable DS_DEFAULT_ANALYZERS which you must list every analyzer you want to run. DS_DEFAULT_ANALYZERS did not automatically receive new analyzers added to GitLab, and required users to take action each time an analyzer was made available. You can read more about this change in this issue.

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum.

50%+ of the Fortune 100 trust GitLab

Start shipping better software faster

See what your team can do with the intelligent

DevSecOps platform.

Get free trial Talk to sales