Dependency Scanning via Gemnasium template - "ERROR: Could not find a version that satisfies the requirement"

Hello,

I have been trying to set up the dependency scanning for a Python project and have been struggling with some puzzling errors.

I always get this particular error in the debug:

ERROR: Could not find a version that satisfies the requirement …

The relevant bits of the .gitlab-ci.yml

include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml

gemnasium-python-dependency_scanning:
  stage: security
  variables:
    DS_PIP_DEPENDENCY_PATH: requirements.txt
    SECURE_LOG_LEVEL: debug
    DS_PYTHON_VERSION: 3.8.8
  script:
    - which python
    - python -V
    - which pip
    - pip -V
    - "/analyzer run"

I have tried many variations but the runner logs always return the same result:

$ which python
/usr/local/bin/python
$ python -V
Python 3.6.15
$ which pip
/usr/local/bin/pip
$ pip -V
pip 21.2.4 from /usr/local/lib/python3.6/site-packages/pip (python 3.6)
$ /analyzer run
[INFO] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ GitLab gemnasium-python analyzer v2.19.0
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ inspect directory: .
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ skip ignored directory: .git
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ skip excluded path: tests
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ electing pip for pypi because this is the first match
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ electing pip for pypi because this is the first match
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ skip other directories
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ Exporting dependencies for /builds/project_path/requirements.txt
[DEBU] [gemnasium-python] [2021-12-07T23:51:15Z] ▶ /usr/local/bin/pip install --disable-pip-version-check --find-links requirements.txt --requirement requirements.txt --no-index
Looking in links: requirements.txt
ERROR: Could not find a version that satisfies the requirement altgraph==0.17.2 (from versions: none)
ERROR: No matching distribution found for altgraph==0.17.2
exit status 1

Already attempted things:

  • Setting and not setting the python version
  • Turning DS_REMEDIATE to false → both versions still show that the python version stays the same 3.6
  • cleaning up the requirements.txt → even numpy could not be found

Is it possible that the gemnasium simply does not support python 3.8?

I am using a self-manager GitLab, version: 14.4.2-ee, Runner version: 14.4.0