25 lines
1.6 KiB
YAML
25 lines
1.6 KiB
YAML
|
- name: "Out-of-the-box SAST support for Java 8"
|
||
|
announcement_milestone: "14.8"
|
||
|
announcement_date: "2022-02-22"
|
||
|
removal_milestone: "15.0"
|
||
|
removal_date: "2022-05-22"
|
||
|
breaking_change: true
|
||
|
reporter: connorgilbert
|
||
|
body: | # Do not modify this line, instead modify the lines below.
|
||
|
The [GitLab SAST SpotBugs analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs) scans [Java, Scala, Groovy, and Kotlin code](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks) for security vulnerabilities.
|
||
|
For technical reasons, the analyzer must first compile the code before scanning.
|
||
|
Unless you use the [pre-compilation strategy](https://docs.gitlab.com/ee/user/application_security/sast/#pre-compilation), the analyzer attempts to automatically compile your project's code.
|
||
|
|
||
|
In GitLab versions prior to 15.0, the analyzer image includes Java 8 and Java 11 runtimes to facilitate compilation.
|
||
|
|
||
|
In GitLab 15.0, we will:
|
||
|
|
||
|
- Remove Java 8 from the analyzer image to reduce the size of the image.
|
||
|
- Add Java 17 to the analyzer image to make it easier to compile with Java 17.
|
||
|
|
||
|
If you rely on Java 8 being present in the analyzer environment, you must take action as detailed in the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/352549#breaking-change).
|
||
|
# The following items are not published on the docs page, but may be used in the future.
|
||
|
stage: Secure
|
||
|
tiers: [Free, Silver, Gold, Core, Premium, Ultimate]
|
||
|
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352549
|