Clarification about GitLab Dependency scan run for non-Ultimate subscription

I can include the dependency scan pipeline (which is supposed to be only in the Ultimate subscription) in a private repository without the Ultimate subscription and run it by adding ‘,dependency scan’ to the GITLAB_FEATURES environment variable. I just wanted to confirm whether this is working as intended or will count as breaking the GitLab policy.

The .gitlab-ci.yml looks like:

  variables:
    GITLAB_FEATURES: "$GITLAB_FEATURES,dependency_scanning"

  include:
    - template: Dependency-Scanning.gitlab-ci.yml

This will now run the dependency scan in my private repository and generate the report as an artifact. I wanted to confirm if this is working as intended.
