Add class to build container scanning findings
Why are we doing this work
The service to create a vulnerability requires a class to build the container scanning finding. Container scanning findings have differences from dependency scanning findings, so they'll require a builder class that can create a finding that's equivalent to one created by the container-scanning analyzer.
Non-functional requirements
- Documentation: -
- Feature flag: -
- Performance: -
- Testing: Verify that similar findings from a container scanning report do not produce diffs when compared.
Implementation plan
See this MR for a starting point.
- Update Gitlab::VulnerabilityScanning::FindingBuilder#for_report_type to include the container_scanning report type.
- Add CONTAINER_SCANNING_PURL_TYPES, similar to how this is done for Gitlab::VulnerabilityScanning::FindingBuilder::DEPENDENCY_SCANNING_PURL_TYPES.
- Update Gitlab::VulnerabilityScanning::FindingBuilder#for_purl_type to include the CONTAINER_SCANNING_PURL_TYPES purl types.
- Create the Gitlab::VulnerabilityScanning::ContainerScanning::FindingBuilder class, similar to Gitlab::VulnerabilityScanning::DependencyScanning::FindingBuilder. This new class must implement the following methods:
  - report_type - should be container_scanning
  - title
  - details
  - location
    - image - this should contain the image_name_and_tag available from Sbom::Source#image (method to be added by Store Container Scanning image and operating sy... (#425995 - closed))
    - operating_system - this should contain the image_operating_system_name_and_version available from Sbom::Source#operating_system (method to be added by Store Container Scanning image and operating sy... (#425995 - closed))
  - original_data
  - identifiers
- Add and update unit tests.
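As an added illustration of the plan above (not GitLab's code from the linked MR), the sketch below shows the shape of the container scanning builder and the two dispatch points it has to be wired into. The Sbom::Source and advisory objects are stood in by constructed Structs, the purl-type lists are assumed values, and the dependency scanning builder is left as an empty placeholder so only the dispatch is shown.

```ruby
# Constructed stand-ins for GitLab objects: the real Sbom::Source#image and
# #operating_system come from issue #425995 and are not implemented here.
SbomSource = Struct.new(:image, :operating_system, keyword_init: true)
Advisory = Struct.new(:title, :description, :identifiers, :raw, keyword_init: true)

# Existing dependency scanning builder, elided here; only the dispatch matters.
class DependencyScanningFindingBuilder; end

class ContainerScanningFindingBuilder
  def initialize(advisory:, source:)
    @advisory = advisory
    @source = source
  end
  def report_type; 'container_scanning'; end
  def title; @advisory.title; end
  def details; @advisory.description; end
  def identifiers; @advisory.identifiers; end
  def original_data; @advisory.raw; end

  # Location carries the image name:tag and OS name/version from the SBOM source.
  def location
    { image: @source.image, operating_system: @source.operating_system }
  end

  # Hash-shaped finding; equal inputs must build equal findings (the "no diffs" test).
  def build
    { report_type: report_type, title: title, details: details,
      location: location, identifiers: identifiers, original_data: original_data }
  end
end

module FindingBuilder
  # Assumed purl-type lists; the real constants live in GitLab's FindingBuilder.
  DEPENDENCY_SCANNING_PURL_TYPES = %w[gem npm maven pypi].freeze
  CONTAINER_SCANNING_PURL_TYPES = %w[apk deb rpm].freeze

  # Assumed shape of for_report_type: report type -> builder class.
  def self.for_report_type(report_type)
    case report_type
    when 'dependency_scanning' then DependencyScanningFindingBuilder
    when 'container_scanning' then ContainerScanningFindingBuilder
    else raise ArgumentError, "unsupported report type: #{report_type}"
    end
  end

  # Assumed shape of for_purl_type: purl type -> builder class.
  def self.for_purl_type(purl_type)
    return DependencyScanningFindingBuilder if DEPENDENCY_SCANNING_PURL_TYPES.include?(purl_type)
    return ContainerScanningFindingBuilder if CONTAINER_SCANNING_PURL_TYPES.include?(purl_type)
    raise ArgumentError, "unsupported purl type: #{purl_type}"
  end
end
```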