debian-mirror-gitlab/doc/user/project/import/gemnasium.md

# Gemnasium **(ULTIMATE)**

This guide describes how to migrate from Gemnasium.com to your own GitLab
instance or GitLab.com.

## Why is Gemnasium.com closed?

Gemnasium was [acquired by GitLab](https://about.gitlab.com/press/releases/2018-01-30-gemnasium-acquisition.html)
in January 2018. Since May 15, 2018, the services provided by Gemnasium are no longer available.
The team behind Gemnasium has joined GitLab as the new Security Products team
and is working on a [wide range of tools](../../application_security/index.md),
including:

- [Dependency Scanning](../../application_security/dependency_scanning/index.md)
- [SAST](../../application_security/sast/index.md)
- [DAST](../../application_security/dast/index.md)
- [Container Scanning](../../application_security/container_scanning/index.md)

If you want to continue monitoring your dependencies, see the
[Migrating to GitLab](#migrating-to-gitlab) section below.

## What happened to my account?

Your account has been automatically closed on May 15th, 2018. If you had a paid
subscription at that time, your card will be refunded on a pro rata temporis basis.
You may contact `gemnasium@gitlab.com` regarding your closed account.

## Will my account/data be transferred to GitLab Inc.?

All accounts and data have been deleted on May 15th, 2018. GitLab Inc.
doesn't know anything about your private data, nor your projects, and therefore
if they were vulnerable or not. GitLab Inc. takes personal information very seriously.

## What happened to my badge?

To avoid broken 404 images, all badges pointing to Gemnasium.com will be a
placeholder, inviting you to migrate to GitLab (and pointing to this page).

## Migrating to GitLab

Gemnasium has been ported and integrated directly into GitLab CI/CD.
You can still benefit from our dependency monitoring features, and it requires
some steps to migrate your projects. There is no automatic import since GitLab
doesn't know anything about any projects which existed on Gemnasium.com.
Security features are free for public (open-source) projects hosted on GitLab.com.

### If your project is hosted on GitLab (`https://gitlab.com` / self-hosted)

You're almost set! If you're already using
[Auto DevOps](../../../topics/autodevops/), you are already covered.
Otherwise, you must configure your `.gitlab-ci.yml` according to the
[dependency scanning page](../../application_security/dependency_scanning/index.md).

### If your project is hosted on GitHub (`https://github.com` / GitHub Enterprise)

Since [GitLab 10.6 comes with GitHub integration](https://about.gitlab.com/solutions/github/),
GitLab users can now create a CI/CD project in GitLab connected to an external
GitHub.com or GitHub Enterprise repository. This will automatically prompt
GitLab CI/CD to run whenever code is pushed to GitHub and post CI/CD results
back to both GitLab and GitHub when completed.

1. Create a new project, and select the "CI/CD for external repo" tab:

   ![Create new Project](img/gemnasium/create_project.png)

1. Use the "GitHub" button to connect your repositories.

   ![Connect from GitHub](img/gemnasium/connect_github.png)

1. Select the project(s) to be set up with GitLab CI/CD and chose "Connect".

   ![Select projects](img/gemnasium/select_project.png)

   Once the configuration is done, you may click on your new
   project on GitLab.

   ![click on connected project](img/gemnasium/project_connected.png)

   Your project is now mirrored on GitLab, where the Runners will be able to access
   your source code and run your tests.

   Optional step: If you set this up on GitLab.com, make sure the project is
   public (in the project settings) if your GitHub project is public, since
   the security feature is available only for [GitLab Ultimate](https://about.gitlab.com/pricing/).

1. To set up the dependency scanning job, corresponding to what Gemnasium was
   doing, you must create a `.gitlab-ci.yml` file, or update it according to
   the [dependency scanning docs](../../application_security/dependency_scanning/index.md).
   The mirroring is pull-only by default, so you may create or update the file on
   GitHub:

   ![Edit gitlab-ci.yml file](img/gemnasium/edit_gitlab-ci.png)

1. Once your file has been committed, a new pipeline will be automatically
   triggered if your file is valid:

   ![pipeline](img/gemnasium/pipeline.png)

1. The result of the job will be visible directly from the pipeline view:

   ![Security Dashboard](../../application_security/security_dashboard/img/pipeline_security_dashboard_v12_3.png)

NOTE: **Note:**
If you don't commit very often to your project, you may want to use
[scheduled pipelines](../pipelines/schedules.md) to run the job on a regular
basis.
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`# Gemnasium (ULTIMATE)`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
			`This guide describes how to migrate from Gemnasium.com to your own GitLab`
			`instance or GitLab.com.`

			`## Why is Gemnasium.com closed?`

New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`Gemnasium was [acquired by GitLab](https://about.gitlab.com/press/releases/2018-01-30-gemnasium-acquisition.html)`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`in January 2018. Since May 15, 2018, the services provided by Gemnasium are no longer available.`
			`The team behind Gemnasium has joined GitLab as the new Security Products team`
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`and is working on a [wide range of tools](../../application_security/index.md),`
			`including:`

			`- [Dependency Scanning](../../application_security/dependency_scanning/index.md)`
			`- [SAST](../../application_security/sast/index.md)`
			`- [DAST](../../application_security/dast/index.md)`
			`- [Container Scanning](../../application_security/container_scanning/index.md)`

New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`If you want to continue monitoring your dependencies, see the`
			`[Migrating to GitLab](#migrating-to-gitlab) section below.`

			`## What happened to my account?`

			`Your account has been automatically closed on May 15th, 2018. If you had a paid`
			`subscription at that time, your card will be refunded on a pro rata temporis basis.`
			You may contact `gemnasium@gitlab.com` regarding your closed account.

			`## Will my account/data be transferred to GitLab Inc.?`

			`All accounts and data have been deleted on May 15th, 2018. GitLab Inc.`
			`doesn't know anything about your private data, nor your projects, and therefore`
			`if they were vulnerable or not. GitLab Inc. takes personal information very seriously.`

			`## What happened to my badge?`

			`To avoid broken 404 images, all badges pointing to Gemnasium.com will be a`
			`placeholder, inviting you to migrate to GitLab (and pointing to this page).`

			`## Migrating to GitLab`

			`Gemnasium has been ported and integrated directly into GitLab CI/CD.`
			`You can still benefit from our dependency monitoring features, and it requires`
			`some steps to migrate your projects. There is no automatic import since GitLab`
			`doesn't know anything about any projects which existed on Gemnasium.com.`
			`Security features are free for public (open-source) projects hosted on GitLab.com.`

New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			### If your project is hosted on GitLab (`https://gitlab.com` / self-hosted)
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
			`You're almost set! If you're already using`
			`[Auto DevOps](../../../topics/autodevops/), you are already covered.`
			Otherwise, you must configure your `.gitlab-ci.yml` according to the
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`[dependency scanning page](../../application_security/dependency_scanning/index.md).`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			### If your project is hosted on GitHub (`https://github.com` / GitHub Enterprise)
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`Since [GitLab 10.6 comes with GitHub integration](https://about.gitlab.com/solutions/github/),`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`GitLab users can now create a CI/CD project in GitLab connected to an external`
			`GitHub.com or GitHub Enterprise repository. This will automatically prompt`
			`GitLab CI/CD to run whenever code is pushed to GitHub and post CI/CD results`
			`back to both GitLab and GitHub when completed.`

			`1. Create a new project, and select the "CI/CD for external repo" tab:`

New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`![Create new Project](img/gemnasium/create_project.png)`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
			`1. Use the "GitHub" button to connect your repositories.`

New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`![Connect from GitHub](img/gemnasium/connect_github.png)`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
			`1. Select the project(s) to be set up with GitLab CI/CD and chose "Connect".`

New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`![Select projects](img/gemnasium/select_project.png)`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`Once the configuration is done, you may click on your new`
			`project on GitLab.`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`![click on connected project](img/gemnasium/project_connected.png)`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`Your project is now mirrored on GitLab, where the Runners will be able to access`
			`your source code and run your tests.`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`Optional step: If you set this up on GitLab.com, make sure the project is`
			`public (in the project settings) if your GitHub project is public, since`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`the security feature is available only for [GitLab Ultimate](https://about.gitlab.com/pricing/).`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
			`1. To set up the dependency scanning job, corresponding to what Gemnasium was`
			doing, you must create a `.gitlab-ci.yml` file, or update it according to
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`the [dependency scanning docs](../../application_security/dependency_scanning/index.md).`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`The mirroring is pull-only by default, so you may create or update the file on`
			`GitHub:`

New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`![Edit gitlab-ci.yml file](img/gemnasium/edit_gitlab-ci.png)`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
			`1. Once your file has been committed, a new pipeline will be automatically`
			`triggered if your file is valid:`

New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`![pipeline](img/gemnasium/pipeline.png)`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
			`1. The result of the job will be visible directly from the pipeline view:`

New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`![Security Dashboard](../../application_security/security_dashboard/img/pipeline_security_dashboard_v12_3.png)`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30
			`NOTE: Note:`
			`If you don't commit very often to your project, you may want to use`
			`[scheduled pipelines](../pipelines/schedules.md) to run the job on a regular`
			`basis.`