Commit 6f7d07a3 authored by Tetiana Chupryna, committed by Achilleas Pipinellis

Docs - Update documentation for 'license_scanning'

parent 6ae01f77
...@@ -2150,6 +2150,11 @@ dashboards. It is not available for download through the web interface. ...@@ -2150,6 +2150,11 @@ dashboards. It is not available for download through the web interface.
##### `artifacts:reports:license_management` **(ULTIMATE)** ##### `artifacts:reports:license_management` **(ULTIMATE)**
CAUTION: **Warning:**
This artifact is still valid but was **deprecated** in favor of the
[artifacts:reports:license_scanning](#artifactsreportslicense_scanning-ultimate)
introduced in GitLab 12.8.
> Introduced in GitLab 11.5. Requires GitLab Runner 11.5 and above. > Introduced in GitLab 11.5. Requires GitLab Runner 11.5 and above.
The `license_management` report collects [Licenses](../../user/application_security/license_compliance/index.md) The `license_management` report collects [Licenses](../../user/application_security/license_compliance/index.md)
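Review bot: The CAUTION block added under `artifacts:reports:license_management` marks the report as deprecated but gives no removal date. The License Compliance page changed in this same commit says support for `license_management` is scheduled to be dropped in GitLab 13.0; repeat that here so readers of the YAML reference see the deadline. The sentence also reads more clearly as "deprecated in favor of the `artifacts:reports:license_scanning` report, introduced in GitLab 12.8".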
...@@ -2159,6 +2164,17 @@ The collected License Compliance report will be uploaded to GitLab as an artifac ...@@ -2159,6 +2164,17 @@ The collected License Compliance report will be uploaded to GitLab as an artifac
be summarized in the merge requests and pipeline view. It is also used to provide data for security be summarized in the merge requests and pipeline view. It is also used to provide data for security
dashboards. It is not available for download through the web interface. dashboards. It is not available for download through the web interface.
##### `artifacts:reports:license_scanning` **(ULTIMATE)**
> Introduced in GitLab 12.8. Requires GitLab Runner 11.5 and above.
The `license_scanning` report collects [Licenses](../../user/application_security/license_compliance/index.md)
as artifacts.
The License Compliance report will be uploaded to GitLab as an artifact and will
be automatically shown in merge requests, pipeline view and provide data for security
dashboards.
##### `artifacts:reports:performance` **(PREMIUM)** ##### `artifacts:reports:performance` **(PREMIUM)**
> Introduced in GitLab 11.5. Requires GitLab Runner 11.5 and above. > Introduced in GitLab 11.5. Requires GitLab Runner 11.5 and above.
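Review bot: In the new `artifacts:reports:license_scanning` section, "Introduced in GitLab 12.8. Requires GitLab Runner 11.5 and above." pairs a 12.8 report type with the Runner requirement copied from the `license_management` entry; please confirm that Runner 11.5 accepts the `license_scanning` report key, or raise the minimum. The closing sentence is not parallel ("will be automatically shown in merge requests, pipeline view and provide data for security dashboards"), and unlike the `license_management` entry it no longer says whether the report can be downloaded through the web interface. State that explicitly either way.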
......
...@@ -26,7 +26,7 @@ licenses in your project's settings. ...@@ -26,7 +26,7 @@ licenses in your project's settings.
NOTE: **Note:** NOTE: **Note:**
If the license compliance report doesn't have anything to compare to, no information If the license compliance report doesn't have anything to compare to, no information
will be displayed in the merge request area. That is the case when you add the will be displayed in the merge request area. That is the case when you add the
`license_management` job in your `.gitlab-ci.yml` for the first time. `license_scanning` job in your `.gitlab-ci.yml` for the first time.
Consecutive merge requests will have something to compare to and the license Consecutive merge requests will have something to compare to and the license
compliance report will be shown properly. compliance report will be shown properly.
...@@ -70,25 +70,38 @@ To run a License Compliance scanning job, you need GitLab Runner with the ...@@ -70,25 +70,38 @@ To run a License Compliance scanning job, you need GitLab Runner with the
## Configuration ## Configuration
For GitLab 11.9 and later, to enable License Compliance, you must For GitLab 12.8 and later, to enable License Compliance, you must
[include](../../../ci/yaml/README.md#includetemplate) the [include](../../../ci/yaml/README.md#includetemplate) the
[`License-Management.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/License-Management.gitlab-ci.yml) [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml)
that's provided as a part of your GitLab installation. that's provided as a part of your GitLab installation.
For older versions of GitLab from 11.9 to 12.7, you must
[include](../../../ci/yaml/README.md#includetemplate) the
[`License-Management.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/License-Management.gitlab-ci.yml).
For GitLab versions earlier than 11.9, you can copy and use the job as defined For GitLab versions earlier than 11.9, you can copy and use the job as defined
that template. that template.
NOTE: **Note:**
In GitLab 13.0, the `License-Management.gitlab-ci.yml` template is scheduled to be removed.
Use `License-Scanning.gitlab-ci.yml` instead.
Add the following to your `.gitlab-ci.yml` file: Add the following to your `.gitlab-ci.yml` file:
```yaml ```yaml
include: include:
template: License-Management.gitlab-ci.yml template: License-Scanning.gitlab-ci.yml
``` ```
The included template will create a `license_management` job in your CI/CD pipeline The included template will create a `license_scanning` job in your CI/CD pipeline
and scan your dependencies to find their licenses. and scan your dependencies to find their licenses.
NOTE: **Note:**
Before GitLab 12.8, the `license_scanning` job was named `license_management`.
In GitLab 13.0, the `license_management` job is scheduled to be removed completely,
so you're advised to migrate to the `license_scanning` job and used the new
`License-Scanning.gitlab-ci.yml` template.
The results will be saved as a The results will be saved as a
[License Compliance report artifact](../../../ci/yaml/README.md#artifactsreportslicense_management-ultimate) [License Compliance report artifact](../../../ci/yaml/README.md#artifactsreportslicense_scanning-ultimate)
that you can later download and analyze. Due to implementation limitations, we that you can later download and analyze. Due to implementation limitations, we
always take the latest License Compliance artifact available. Behind the scenes, the always take the latest License Compliance artifact available. Behind the scenes, the
[GitLab License Compliance Docker image](https://gitlab.com/gitlab-org/security-products/license-management) [GitLab License Compliance Docker image](https://gitlab.com/gitlab-org/security-products/license-management)
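Review bot: Typo in the second added NOTE: "migrate to the `license_scanning` job and used the new" should read "and use the new". In the same hunk, the unchanged sentence "you can copy and use the job as defined that template" is missing "in", and after the inserted 11.9 to 12.7 paragraph "that template" follows two different template names, so name the template explicitly. The two NOTE blocks both announce the 13.0 removal and could be merged into one placed before the `include` example.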
...@@ -128,7 +141,7 @@ For example: ...@@ -128,7 +141,7 @@ For example:
```yaml ```yaml
include: include:
template: License-Management.gitlab-ci.yml template: License-Scanning.gitlab-ci.yml
variables: variables:
LICENSE_MANAGEMENT_SETUP_CMD: sh my-custom-install-script.sh LICENSE_MANAGEMENT_SETUP_CMD: sh my-custom-install-script.sh
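Review bot: The example now includes `License-Scanning.gitlab-ci.yml` but still sets `LICENSE_MANAGEMENT_SETUP_CMD`, and nothing in this commit says whether variables keep the old prefix after the rename. Add a sentence here or in the migration section stating whether variable names such as `LICENSE_MANAGEMENT_SETUP_CMD` and `LM_PYTHON_VERSION` are unchanged, so readers do not rename them along with the job and end up with settings that are silently ignored.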
...@@ -140,14 +153,14 @@ directory of your project. ...@@ -140,14 +153,14 @@ directory of your project.
### Overriding the template ### Overriding the template
If you want to override the job definition (for example, change properties like If you want to override the job definition (for example, change properties like
`variables` or `dependencies`), you need to declare a `license_management` job `variables` or `dependencies`), you need to declare a `license_scanning` job
after the template inclusion and specify any additional keys under it. For example: after the template inclusion and specify any additional keys under it. For example:
```yaml ```yaml
include: include:
template: License-Management.gitlab-ci.yml template: License-Scanning.gitlab-ci.yml
license_management: license_scanning:
variables: variables:
CI_DEBUG_TRACE: "true" CI_DEBUG_TRACE: "true"
``` ```
...@@ -160,9 +173,9 @@ Feel free to use it for the customization of Maven execution. For example: ...@@ -160,9 +173,9 @@ Feel free to use it for the customization of Maven execution. For example:
```yaml ```yaml
include: include:
template: License-Management.gitlab-ci.yml template: License-Scanning.gitlab-ci.yml
license_management: license_scanning:
variables: variables:
MAVEN_CLI_OPTS: --debug MAVEN_CLI_OPTS: --debug
``` ```
...@@ -188,13 +201,48 @@ by setting the `LM_PYTHON_VERSION` environment variable to `2`. ...@@ -188,13 +201,48 @@ by setting the `LM_PYTHON_VERSION` environment variable to `2`.
```yaml ```yaml
include: include:
template: License-Management.gitlab-ci.yml template: License-Scanning.gitlab-ci.yml
license_management: license_scanning:
variables: variables:
LM_PYTHON_VERSION: 2 LM_PYTHON_VERSION: 2
``` ```
### Migration from `license_management` to `license_scanning`
In GitLab 12.8 a new name for `license_management` job was introduced. This change was made to improve clarity around the purpose of the scan, which is to scan and collect the types of licenses present in a projects dependencies.
The support of `license_management` is scheduled to be dropped in GitLab 13.0.
If you're using a custom setup for License Compliance, you're required
to update your CI config accordingly:
1. Change the CI template to `License-Scanning.gitlab-ci.yml`.
1. Change the job name to `license_management` (if you mention it in `.gitlab-ci.yml`).
1. Change the artifact name to `gl-license-scanning-report.json` (if you mention it in `.gitlab-ci.yml`).
For example, the following `.gitlab-ci.yml`:
```yaml
include:
template: License-Management.gitlab-ci.yml
license_management:
artifacts:
reports:
license_management: gl-license-management-report.json
```
Should be changed to:
```yaml
include:
template: License-Scanning.gitlab-ci.yml
license_scanning:
artifacts:
reports:
license_scanning: gl-license-scanning-report.json
```
## Project policies for License Compliance ## Project policies for License Compliance
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/5940) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.4. > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/5940) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.4.
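Review bot: Step 2 of the migration list names the wrong job: "Change the job name to `license_management`" should say `license_scanning`, as the "Should be changed to" example directly below shows. Following the step as written leaves the deprecated job name in place. The list also omits the report key change that the example makes (`reports: license_management:` becomes `reports: license_scanning:`); add it as a fourth step. Minor wording: "a projects dependencies" should be "a project's dependencies", and "a new name for `license_management` job" needs "the" before `license_management`.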
......