debian-mirror-gitlab/data/deprecations/14-8-sast-secret-analyzer-image.yml
2023-03-17 16:20:25 +05:30

25 lines
1.9 KiB
YAML

- title: "Secure and Protect analyzer images published in new location"
announcement_milestone: "14.8"
removal_milestone: "15.0"
breaking_change: true
reporter: connorgilbert
body: | # Do not modify this line, instead modify the lines below.
GitLab uses various [analyzers](https://docs.gitlab.com/ee/user/application_security/terminology/#analyzer) to [scan for security vulnerabilities](https://docs.gitlab.com/ee/user/application_security/).
Each analyzer is distributed as a container image.
Starting in GitLab 14.8, new versions of GitLab Secure and Protect analyzers are published to a new registry location under `registry.gitlab.com/security-products`.
We will update the default value of [GitLab-managed CI/CD templates](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Security) to reflect this change:
- For all analyzers except Container Scanning, we will update the variable `SECURE_ANALYZERS_PREFIX` to the new image registry location.
- For Container Scanning, the default image address is already updated. There is no `SECURE_ANALYZERS_PREFIX` variable for Container Scanning.
In a future release, we will stop publishing images to `registry.gitlab.com/gitlab-org/security-products/analyzers`.
Once this happens, you must take action if you manually pull images and push them into a separate registry. This is commonly the case for [offline deployments](https://docs.gitlab.com/ee/user/application_security/offline_deployments/index.html).
Otherwise, you won't receive further updates.
See the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352564) for more details.
# The following items are not published on the docs page, but may be used in the future.
stage: Secure
tiers: [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352564