From 278e0855413dc361f88c69bb53377fe8baed236d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thiago=20Figueir=C3=B3?= <tfigueiro@gitlab.com>
Date: Tue, 11 Feb 2025 18:31:11 +0000
Subject: [PATCH] Deprecate support for SpotBugs build

---
 data/deprecations/17-9-spotbugs-builds.yml | 23 ++++++++++++++++++++++
 doc/update/deprecations.md                 | 23 ++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 data/deprecations/17-9-spotbugs-builds.yml

diff --git a/data/deprecations/17-9-spotbugs-builds.yml b/data/deprecations/17-9-spotbugs-builds.yml
new file mode 100644
index 0000000000000..1f23e83b97403
--- /dev/null
+++ b/data/deprecations/17-9-spotbugs-builds.yml
@@ -0,0 +1,23 @@
+- title: "Support for project build as part of SpotBugs scans"
+  removal_milestone: "18.0"
+  announcement_milestone: "17.9"
+  breaking_change: false
+  window: 1 # Note: a change window is not applicable to a non-breaking change
+  reporter: thiagocsf
+  stage: application security testing
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/513409
+  impact: low
+  scope: project
+  resolution_role: Developer
+  manual_task: true
+  body: |  # (required) Don't change this line.
+    The SpotBugs [SAST analyzer](https://docs.gitlab.com/ee/user/application_security/sast/index.html#supported-languages-and-frameworks)
+    can perform a build when the artifacts to be scanned aren't present. While this usually works well for simple projects, it can fail on more complex builds.
+
+    From GitLab 18.0, to resolve SpotBugs analyzer build failures, you should:
+
+    1. [Pre-compile](https://docs.gitlab.com/ee/user/application_security/sast/#pre-compilation) the project.
+    1. Pass the artifacts you want to scan to the analyzer.
+  end_of_support_milestone: 18.0
+  tiers: [Free, Silver, Gold, Core, Premium, Ultimate]
+  documentation_url: https://docs.gitlab.com/ee/user/application_security/sast/troubleshooting.html#project-couldnt-be-built
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 4031cb18a1ced..6d3c9fd6680d5 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -1587,6 +1587,29 @@ SLES 15 SP6 for continued support.
 
 </div>
 
+<div class="deprecation " data-milestone="18.0">
+
+### Support for project build as part of SpotBugs scans
+
+<div class="deprecation-notes">
+
+- Announced in GitLab <span class="milestone">17.9</span>
+- End of Support in GitLab <span class="milestone">18.0</span>
+- Removal in GitLab <span class="milestone">18.0</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/513409).
+
+</div>
+
+The SpotBugs [SAST analyzer](https://docs.gitlab.com/ee/user/application_security/sast/index.html#supported-languages-and-frameworks)
+can perform a build when the artifacts to be scanned aren't present. While this usually works well for simple projects, it can fail on more complex builds.
+
+From GitLab 18.0, to resolve SpotBugs analyzer build failures, you should:
+
+1. [Pre-compile](https://docs.gitlab.com/ee/user/application_security/sast/#pre-compilation) the project.
+1. Pass the artifacts you want to scan to the analyzer.
+
+</div>
+
 <div class="deprecation breaking-change" data-milestone="18.0">
 
 ### The GitLab legacy requirement IID is deprecated in favor of work item IID
-- 
GitLab