I can include the dependency scan pipeline (which is supposed to be only in the Ultimate subscription) in a private repository without the Ultimate subscription and run it by adding ‘,dependency scan’ to the GITLAB_FEATURES environment variable, just wanted to confirm if this is working as intended or will count as breaking the GitLab policy.
The .gitlab-ci.yml looks like:
variables:
GITLAB_FEATURES: "$GITLAB_FEATURES,dependency_scanning"
include:
- template: Dependency-Scanning.gitlab-ci.yml
This will now run the dependency scan in my private repository and generate the report as an artifact, I wanted to confirm if this is working as intended.