Add dependency scanning flag

changelogs/unreleased/33718-add-new-dep-scanning-flag.yml

+---
+title: Add dependency scanning flag for skipping automatic bundler audit update
+merge_request: 20743
+author:
+type: added

doc/user/application_security/dependency_scanning/index.md

@@ -144,6 +144,7 @@ using environment variables.
 | `PIP_INDEX_URL`                         | Base URL of Python Package Index (default `https://pypi.org/simple`). |
 | `PIP_EXTRA_INDEX_URL`                   | Array of [extra URLs](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-extra-index-url) of package indexes to use in addition to `PIP_INDEX_URL`. Comma separated. |
 | `MAVEN_CLI_OPTS`                        | List of command line arguments that will be passed to the maven analyzer during the project's build phase (see example for [using private repos](#using-private-maven-repos)). |
+| `BUNDLER_AUDIT_UPDATE_DISABLED`         | Disable automatic updates for the `bundler-audit` analyzer (default: `"false"`). Useful if you're running Dependency Scanning in an offline, air-gapped environment.|
 
 ### Using private Maven repos
 

lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml

@@ -52,6 +52,7 @@ dependency_scanning:
           PIP_INDEX_URL \
           PIP_EXTRA_INDEX_URL \
           MAVEN_CLI_OPTS \
+          BUNDLER_AUDIT_UPDATE_DISABLED \
         ) \
         --volume "$PWD:/code" \
         --volume /var/run/docker.sock:/var/run/docker.sock \