GitLab Dependency Scanning (Gemnasium)
Since Gemnasium got eaten by GitLab I’m waiting for dependency scanning to move down the Tier list.
We have one project (with 3 users) that was formerly protected by Gemnasium but now it’s frankly just ridiculous.
In order to get Gemnasium (or dependency scanning) back we would have to spend >40k€ on this, which was formerly $600 with no per-user restriction. I do see that there was a project limit, but I mean, come on.
What are we expected to do? Host a second GitLab instance with one user that just mirrors our one project as to only need to pay twice as much as before? Is that even legal? Move to a competitor or don’t have dependency scanning? Cheat the system by publicly uploading only the lock files?
What to do, what to do? Certainly not spending 40 grand a year, that’s for sure (at that point we could hire a person that does this manually).