Validate security report artifact against vendored versions
Why are we doing this work
We want to clearly communicate to users whenever a security report artifact does not validate against a supported schema or has other parsing errors.
In order to do this, all supported schemas will be vendored into the GitLab rails application, as discussed as part of #322681 (closed).
Relevant links
Non-functional requirements
- Documentation: update accordingly https://docs.gitlab.com/ee/development/integrations/secure.html#enable-report-validation
- Feature flag: enforce_security_report_validation (this needs a FF so we can give analyzer teams a chance to comply with the schemas before breaking ingestion)
- Performance:
- Testing:
Implementation plan
- backend Create the enforce_security_report_validation feature flag definition
- backend Adjust ee/app/models/ee/ci/build.rb so that validate_schema? returns true if enforce_security_report_validation is enabled
- backend Adjust lib/gitlab/ci/parsers/security/validators/schema_validator.rb so it adds a warning/error if the schema used is deprecated/not found
- backend Adjust specs
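The behaviour the plan above asks for (look the report's schema version up among the vendored versions, fail hard when it is unknown, warn when it is deprecated, and let the feature flag decide whether an unknown schema blocks ingestion) is sketched below as an added Ruby example. This is not GitLab's schema_validator.rb or build.rb; the version lists, the required-key check standing in for real JSON Schema validation, and the `enforce:` argument standing in for the enforce_security_report_validation flag are all assumptions made for illustration.

```ruby
require 'json'

# Added illustration, not GitLab's code. Models the validator described in
# the implementation plan: unknown schema version -> error (or warning when
# enforcement is off), deprecated version -> warning, malformed JSON -> error.
module ReportSchemaValidator
  # Hypothetical vendored schema versions; GitLab vendors the real schemas.
  SUPPORTED_VERSIONS  = %w[14.0.0 14.1.0 15.0.0].freeze
  DEPRECATED_VERSIONS = %w[14.0.0].freeze

  # Minimal stand-in for the vendored JSON schema: keys every report needs.
  REQUIRED_KEYS = %w[version vulnerabilities].freeze

  class Result
    attr_reader :errors, :warnings

    def initialize
      @errors = []
      @warnings = []
    end

    # A report is ingestible when no hard error was recorded.
    def valid?
      errors.empty?
    end
  end

  # enforce: models validate_schema? returning true when the
  # enforce_security_report_validation flag is enabled. With enforcement
  # off, an unknown schema is reported but does not break ingestion.
  def self.validate(report_json, enforce: true)
    result = Result.new
    report = JSON.parse(report_json)
    version = report['version']

    unless SUPPORTED_VERSIONS.include?(version)
      message = "report version #{version.inspect} does not match any vendored schema"
      (enforce ? result.errors : result.warnings) << message
      return result
    end

    if DEPRECATED_VERSIONS.include?(version)
      result.warnings << "schema version #{version} is deprecated"
    end

    missing = REQUIRED_KEYS - report.keys
    unless missing.empty?
      result.errors << "report is missing required keys: #{missing.join(', ')}"
    end

    result
  rescue JSON::ParserError => e
    # Parsing errors are surfaced to the user instead of failing silently.
    result.errors << "report is not valid JSON: #{e.message}"
    result
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample reports for a stand-alone run.
  sample = '{"version":"14.0.0","vulnerabilities":[]}'
  r = ReportSchemaValidator.validate(sample)
  puts "valid=#{r.valid?} warnings=#{r.warnings.inspect} errors=#{r.errors.inspect}"
end
```

Running the file prints the outcome for a deprecated-but-supported report; the same call with `enforce: false` is what ingestion looks like while the flag is still disabled for analyzer teams.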
Edited by Michał Zając