Introduce security report diffs
What does this MR do?
Introduce security report diffs.
- Allows comparing two reports to get the list of added, existing, and fixed vulnerabilities.
- Provides a Security::CompareReportsBaseService that relies on primary identifier and location fingerprints to compare vulnerabilities.
- Provides a Security::CompareReportsSastService that leverages the git diff to improve matching for SAST reports.
This is a preliminary step (#3) for upcoming changes regarding https://gitlab.com/gitlab-org/gitlab-ee/issues/7586
List of MRs:
- Use POROs for security report vulnerabilities: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10417
- Add locations POROs for vulnerabilities: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10508
- Introduce security report diffs: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10559
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated via this MR
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Tested in all supported browsers
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the database guides
- Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.
- EE specific content should be in the top level /ee folder
- For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan?
- Security reports checked/validated by reviewer
Edited by Olivier Gonzalez
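The comparison described in this MR, as an added Ruby example that is not part of the MR or of GitLab's code: a base-service-style match on primary identifier and location fingerprints, plus a SAST-style rebasing of base line numbers through git diff hunks before matching, so a finding whose code merely moved is reported as existing rather than fixed plus added. The Struct names, the fingerprint inputs and the hunk tuple format are assumptions.

```ruby
require 'digest'
# Hypothetical stand-ins for the report objects (names assumed, not GitLab's).
Identifier = Struct.new(:type, :value) do
  def fingerprint; Digest::SHA1.hexdigest("#{type}:#{value}"); end
end
Location = Struct.new(:file_path, :start_line, :end_line) do
  def fingerprint; Digest::SHA1.hexdigest("#{file_path}:#{start_line}:#{end_line}"); end
end
Vulnerability = Struct.new(:name, :primary_identifier, :location) do
  # Two findings match when primary identifier and location fingerprints agree.
  def compare_key; [primary_identifier.fingerprint, location.fingerprint]; end
end

# hunks: [[old_start, old_count, new_start, new_count], ...] as in `git diff -U0`
# headers. Returns the head line for a base line, or nil if that line changed.
def shift_line(line, hunks)
  offset = 0
  hunks.each do |old_start, old_count, _new_start, new_count|
    return nil if line >= old_start && line < old_start + old_count
    # A pure insertion (old_count 0) sits after old_start and shifts later lines only.
    offset += new_count - old_count if line >= old_start + [old_count, 1].max
  end
  line + offset
end

# Rebases a base location onto head so findings whose lines only moved still match.
def rebase_location(loc, hunks)
  s, e = shift_line(loc.start_line, hunks), shift_line(loc.end_line, hunks)
  s && e ? Location.new(loc.file_path, s, e) : loc
end

# Diffs two vulnerability lists; hunks_by_file (path => hunks) is optional.
def compare_reports(base, head, hunks_by_file = {})
  base_index = base.map do |v|
    loc = rebase_location(v.location, hunks_by_file.fetch(v.location.file_path, []))
    [Vulnerability.new(v.name, v.primary_identifier, loc).compare_key, v]
  end.to_h
  head_index = head.map { |v| [v.compare_key, v] }.to_h
  { fixed: base_index.reject { |k, _| head_index.key?(k) }.values,
    existing: head_index.select { |k, _| base_index.key?(k) }.values,
    added: head_index.reject { |k, _| base_index.key?(k) }.values }
end

# Constructed sample: head inserts 3 lines after line 1 of app.rb, so the base
# finding on line 10 reappears on line 13; a new finding shows up in db.rb.
def sample_diff
  sqli, xss = Identifier.new('cwe', '89'), Identifier.new('cwe', '79')
  base = [Vulnerability.new('SQLi', sqli, Location.new('app.rb', 10, 10))]
  head = [Vulnerability.new('SQLi', sqli, Location.new('app.rb', 13, 13)),
          Vulnerability.new('XSS', xss, Location.new('db.rb', 4, 4))]
  compare_reports(base, head, 'app.rb' => [[1, 0, 2, 3]])
end
```

Without the hunks the same input would report the SQLi finding as fixed and a second one as added; the diff rebasing is what collapses that into a single existing finding.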