author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-01 03:09:22 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-01 03:09:22 +0000 |
commit | a2c2225d61e60c5fe534e9455b8f60bf6ae22423 (patch) | |
tree | 3dd7055ea190de5f53fc6336f6077e56c0d09e0a /doc/development/sec | |
parent | a149dffe2f221544ce239658e1e0fad06a2726a2 (diff) | |
download | gitlab-ce-a2c2225d61e60c5fe534e9455b8f60bf6ae22423.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/development/sec')
-rw-r--r-- | doc/development/sec/analyzer_development_guide.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/development/sec/analyzer_development_guide.md b/doc/development/sec/analyzer_development_guide.md index a35bc2b7237..002c2fa3581 100644 --- a/doc/development/sec/analyzer_development_guide.md +++ b/doc/development/sec/analyzer_development_guide.md @@ -118,6 +118,12 @@ To use Docker with `replace` in the `go.mod` file: 1. Update the `replace` statement to make sure it matches the destination of the `COPY` statement in the step above: `replace gitlab.com/gitlab-org/security-products/analyzers/command/v3 => /command` +## Analyzer scripts + +The [analyzer-scripts](https://gitlab.com/gitlab-org/secure/tools/analyzer-scripts) repository contains scripts that can be used to interact with most analyzers. They enable you to build, run, and debug analyzers in a GitLab CI-like environment, and are particularly useful for locally validating changes to an analyzer. + +For more information, refer to the [project README](https://gitlab.com/gitlab-org/secure/tools/analyzer-scripts/-/blob/master/README.md). + ## Versioning and release process Analyzers are independent projects that follow their own versioning. `Patch` version bumps tend to correspond to a `Minor` version bump of the underlying tools (i.e. [`bandit`](https://wiki.openstack.org/wiki/Security/Projects/Bandit)), allowing us greater flexibility in reserving `Minor` bumps for more significant changes to our scanners. In case of breaking changes imposed by the wrapped scanner, creating a new analyzer on a separate repository must be considered. |
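Review bot: In the new "Analyzer scripts" section, "can be used to interact with most analyzers" does not tell the reader whether a given analyzer is covered. Name the exceptions or point to where the supported analyzers are listed, and consider active voice, for example "Use these scripts to build, run, and debug analyzers". The README link in the second added paragraph hardcodes the branch in its path (`/-/blob/master/README.md`), so it depends on that branch name staying as it is; linking to the repository root, already given in the first sentence, would avoid that. "GitLab CI-like environment" would also be clearer with one clause on what is reproduced locally.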