Dependency scanner documentation wrong

jwjwjw · May 28, 2025, 11:46am

I’m trying to setup the dependency scanner accordign to the documenttion but this appears to be completely wrong.

When I just add the component it complains it needs a test stage (not mentioned in the docs), When I add a test stage it’s not executed. Finally I’ve ended up with this:

workflow:
name: “foobar”

stages:

vault-get-secrets
build
test

include:

template: Jobs/Dependency-Scanning.gitlab-ci.yml

variables:

Dependency Scanning configuration

DS_EXCLUDED_ANALYZERS: “”
DS_EXCLUDED_PATHS: “spec,test,tests,tmp”
DS_DISABLE_DIND: “false”

build_upload:
tags:
- eks-elastic-xxl
- eks-elastic-xl

stage: build
retry: 2
image: foo
script:
- ls

dependency_scanning:
tags:
- eks-elastic-xxl
- eks-elastic-xl
rules:
- when: always
allow_failure: true

This fails with: dependency_scanning is used for configuration only, and its script should not be executed

So how do I run this? Or is it just completely unimplemented?

Topic		Replies	Views
Enabling the analyzer doesn't work for Dependency scanning DevSecOps sast , dependencies	1	544	June 13, 2026
We are using Ant build in our environment and want to setup dependency scanning to be generated but with ant, we are unable to achieve that GitLab CI/CD cicd	0	1898	November 21, 2022
Dependency scanning fails without details of the error or what is this expected key DevSecOps ci , maven , test , security	1	2011	November 5, 2019
Dependency scanning does not run in automated merge request DevSecOps	0	1515	August 2, 2021
Gitlab templates does not execute GitLab CI/CD	3	350	April 16, 2024

Dependency scanner documentation wrong

Dependency Scanning configuration

Related topics