Commit 6a6dfb04 authored by Russell Dickenson's avatar Russell Dickenson Committed by Nick Gaskill

Add Dependency Scanning tip

parent 5ca5f2a4
...@@ -946,3 +946,18 @@ include: ...@@ -946,3 +946,18 @@ include:
variables: variables:
DS_DISABLE_DIND: "true" DS_DISABLE_DIND: "true"
``` ```
### Message `<file> does not exist in <commit SHA>`
When the `Location` of a dependency in a file is shown, the path in the link goes to a specific Git
SHA.
If the lock file that our dependency scanning tools reviewed was cached, however, selecting that
link redirects you to the repository root, with the message:
`<file> does not exist in <commit SHA>`.
The lock file is cached during the build phase and passed to the dependency scanning job before the
scan occurs. Because the cache is downloaded before the analyzer run occurs, the existence of a lock
file in the `CI_BUILDS_DIR` directory triggers the dependency scanning job.
We recommend committing the lock files, which prevents this warning.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment