This merge request was created by going to Security & Compliance → Configuration → Dependency Scanning and clicking Configure via Merge Request (I’ve since modified the contents of the MR). However, the resulting pipeline does not have any new jobs in it, even though this is a Python project.
I’ve tried several times, first partially configuring dependency scanning by copying configuration from another project, fiddling a bunch, and then removing all traces of dependency scanning from .gitlab-ci.yml and using the automated MR. In all cases there are no new jobs. What gives?
Could it make a difference that I tried to configure dependency scanning before SAST? Or that the template includes are at the top rather than the bottom of the file? Also, is there some way to figure out why the included template jobs don’t run? Finally, is there a way to manually enable features like dependency scanning to get $GITLAB_FEATURES =~ /\bdependency_scanning\b/ to match?
Ugly workaround: Add the following to any jobs you want to force to run, like gemnasium-python-dependency_scanning:
rules:
- if: $CI_COMMIT_BRANCH