From eb98aaf240dda68c96ba9574a7732e5cbfd9f28e Mon Sep 17 00:00:00 2001 From: Connor Gilbert <cgilbert@gitlab.com> Date: Wed, 16 Feb 2022 04:12:42 +0000 Subject: [PATCH] Deprecation: SAST support for .NET 2.1 --- data/deprecations/14-8-sast-dotnet-21.yml | 31 +++++++++++++++++++++++ doc/update/deprecations.md | 30 ++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 data/deprecations/14-8-sast-dotnet-21.yml diff --git a/data/deprecations/14-8-sast-dotnet-21.yml b/data/deprecations/14-8-sast-dotnet-21.yml new file mode 100644 index 0000000000000..ab1b3c16b23f7 --- /dev/null +++ b/data/deprecations/14-8-sast-dotnet-21.yml @@ -0,0 +1,31 @@ +- name: "SAST support for .NET 2.1" + announcement_milestone: "14.8" + announcement_date: "2022-02-22" + removal_milestone: "15.0" + removal_date: "2022-05-22" + breaking_change: true + reporter: connorgilbert + body: | # Do not modify this line, instead modify the lines below. + The GitLab SAST Security Code Scan analyzer scans .NET code for security vulnerabilities. + For technical reasons, the analyzer must first build the code to scan it. + + In GitLab versions prior to 15.0, the default analyzer image (version 2) includes support for: + + - .NET 2.1 + - .NET 3.0 and .NET Core 3.0 + - .NET Core 3.1 + - .NET 5.0 + + In GitLab 15.0, we will change the default major version for this analyzer from version 2 to version 3. This change: + + - Adds [severity values for vulnerabilities](https://gitlab.com/gitlab-org/gitlab/-/issues/350408) along with [other new features and improvements](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan/-/blob/master/CHANGELOG.md). + - Removes .NET 2.1 support. + - Adds support for .NET 6.0, Visual Studio 2019, and Visual Studio 2022. + + Version 3 was [announced in GitLab 14.6](https://about.gitlab.com/releases/2021/12/22/gitlab-14-6-released/#sast-support-for-net-6) and made available as an optional upgrade. + + If you rely on .NET 2.1 support being present in the analyzer image by default, you must take action as detailed in the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/352553#breaking-change). +# The following items are not published on the docs page, but may be used in the future. + stage: Secure + tiers: [Free, Silver, Gold, Core, Premium, Ultimate] + issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352553 diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md index 4768a729cb2da..058b927e96669 100644 --- a/doc/update/deprecations.md +++ b/doc/update/deprecations.md @@ -1113,6 +1113,36 @@ If you applied customizations to any of the affected analyzers, you must take ac **Planned removal milestone: 15.0 (2022-05-22)** +### SAST support for .NET 2.1 + +WARNING: +This feature will be changed or removed in 15.0 +as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes). +Before updating GitLab, review the details carefully to determine if you need to make any +changes to your code, settings, or workflow. + +The GitLab SAST Security Code Scan analyzer scans .NET code for security vulnerabilities. +For technical reasons, the analyzer must first build the code to scan it. + +In GitLab versions prior to 15.0, the default analyzer image (version 2) includes support for: + +- .NET 2.1 +- .NET 3.0 and .NET Core 3.0 +- .NET Core 3.1 +- .NET 5.0 + +In GitLab 15.0, we will change the default major version for this analyzer from version 2 to version 3. This change: + +- Adds [severity values for vulnerabilities](https://gitlab.com/gitlab-org/gitlab/-/issues/350408) along with [other new features and improvements](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan/-/blob/master/CHANGELOG.md). +- Removes .NET 2.1 support. +- Adds support for .NET 6.0, Visual Studio 2019, and Visual Studio 2022. + +Version 3 was [announced in GitLab 14.6](https://about.gitlab.com/releases/2021/12/22/gitlab-14-6-released/#sast-support-for-net-6) and made available as an optional upgrade. + +If you rely on .NET 2.1 support being present in the analyzer image by default, you must take action as detailed in the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/352553#breaking-change). + +**Planned removal milestone: 15.0 (2022-05-22)** + ### Support for gRPC-aware proxy deployed between Gitaly and rest of GitLab WARNING: -- GitLab