From fb8d6a526f0ef2da9fb247e15f9ff19279dba3d6 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 11 Jun 2021 03:10:14 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- doc/user/compliance/license_compliance/index.md | 50 +++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'doc/user/compliance') diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index a509fe0412c..9d6f8216a07 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md @@ -109,6 +109,11 @@ include: The included template creates a `license_scanning` job in your CI/CD pipeline and scans your dependencies to find their licenses. +NOTE: +Before GitLab 12.8, the `license_scanning` job was named `license_management`. GitLab 13.0 removes +the `license_management` job, so you must migrate to the `license_scanning` job and use the new +`License-Scanning.gitlab-ci.yml` template. + The results are saved as a [License Compliance report artifact](../../../ci/yaml/README.md#artifactsreportslicense_scanning) that you can later download and analyze. Due to implementation limitations, we 
@@ -553,6 +558,51 @@ For example: You can supply a custom root certificate to complete TLS verification by using the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables). +### Migration from `license_management` to `license_scanning` + +In GitLab 12.8 a new name for `license_management` job was introduced. This change was made to improve clarity around the purpose of the scan, which is to scan and collect the types of licenses present in a projects dependencies. +GitLab 13.0 drops support for `license_management`. +If you're using a custom setup for License Compliance, you're required +to update your CI configuration accordingly: + +1. Change the CI template to `License-Scanning.gitlab-ci.yml`. +1. Change the job name to `license_scanning` (if you mention it in `.gitlab-ci.yml`). +1. Change the artifact name to `license_scanning`, and the filename to `gl-license-scanning-report.json` (if you mention it in `.gitlab-ci.yml`). + +For example, the following `.gitlab-ci.yml`: + +```yaml +include: + - template: License-Management.gitlab-ci.yml + +license_management: + artifacts: + reports: + license_management: gl-license-management-report.json +``` + +Should be changed to: + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +license_scanning: + artifacts: + reports: + license_scanning: gl-license-scanning-report.json +``` + +If you use the `license_management` artifact in GitLab 13.0 or later, the License Compliance job generates this error: + +```plaintext +WARNING: Uploading artifacts to coordinator... failed id=:id responseStatus=400 Bad Request status=400 Bad Request token=:sha + +FATAL: invalid_argument +``` + +If you encounter this error, follow the instructions described in this section. + ## Running License Compliance in an offline environment For self-managed GitLab instances in an environment with limited, restricted, or intermittent access -- cgit v1.2.1
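Review bot: In the first hunk (@@ -109,6 +109,11 @@), the new NOTE tells readers they "must migrate to the `license_scanning` job" but does not link to the "Migration from `license_management` to `license_scanning`" section that this same patch adds further down, so the steps are not discoverable from here. Suggest adding an in-page link to that section at the end of the NOTE. The NOTE also names the template as `License-Scanning.gitlab-ci.yml`, while the migration example in the second hunk includes `Security/License-Scanning.gitlab-ci.yml`. Use the same path in both places so a reader who copies the name from the NOTE gets an include that matches the example.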
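Review bot: In the second hunk (@@ -553,6 +558,51 @@), step 1 says to change the CI template to `License-Scanning.gitlab-ci.yml`, but the "Should be changed to" example uses `- template: Security/License-Scanning.gitlab-ci.yml`. State the full path in step 1 so the list and the example agree. The closing sentence, "If you encounter this error, follow the instructions described in this section", is circular for someone who arrived at the error block directly. Point it at the numbered steps instead, and say which of them clears the 400 response, presumably the artifact rename in step 3, since the preceding sentence ties the error to using the `license_management` artifact. Two wording nits in the intro paragraph: "a new name for `license_management` job" is missing "the", and "a projects dependencies" should be "a project's dependencies".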