Resolve vulnerabilities for each scanner in a security report
What does this MR do and why?
In #391396 (comment 1286713065) we detected that older security reports can include results from multiple scanners. #382625 (closed) included a change that assumes that a security report would only include data from a single scanner. The change in this MR attempts to fix this by resolving vulnerabilities for every scanner present in a security report, rather than for a single scanner only.
How to set up and validate locally
- Create empty project
- Add the fixture files
  ./qa/qa/ee/fixtures/fix_vulnerability_workflow_premade_reports/gl-dependency-scanning-report-1.json
  and ./qa/qa/ee/fixtures/fix_vulnerability_workflow_premade_reports/gl-dependency-scanning-report-2.json
- Run a pipeline that declares report 1
- Run another pipeline that declares report 2
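The following is an added example, not code from this MR or from GitLab, that models the behaviour described above and what the two-pipeline validation exercises: findings from a previous report are marked resolvable only when the scanner that produced them also appears in the current report and no longer reports them. The two sample reports are constructed inline as stand-ins for the fixture files (their CVE identifiers and package names are made up), `finding_key` is a simplified fingerprint rather than GitLab's own, and `resolvable_findings_single_scanner` is a hypothetical model of the single-scanner assumption, included only to contrast the two behaviours.

```ruby
require 'set'

# Builds one entry in the shape of the vulnerabilities[] array of a GitLab
# secure report (scanner, identifiers, location). Values are illustrative.
def finding(scanner_id, cve, package)
  {
    'id' => "#{scanner_id}-#{cve}",
    'name' => "#{cve} in #{package}",
    'severity' => 'High',
    'scanner' => { 'id' => scanner_id, 'name' => scanner_id },
    'identifiers' => [{ 'type' => 'cve', 'name' => cve, 'value' => cve }],
    'location' => {
      'file' => 'Gemfile.lock',
      'dependency' => { 'package' => { 'name' => package }, 'version' => '1.0.0' }
    }
  }
end

# Constructed stand-ins for gl-dependency-scanning-report-1.json and -2.json
# (not the MR's fixtures). Report 1 mixes findings from two scanners; report 2
# is a later run in which each scanner dropped one earlier finding and
# retire.js reported a new one. Report 3 contains gemnasium findings only.
REPORT_1 = {
  'version' => '15.0.0',
  'scan' => { 'scanner' => { 'id' => 'gemnasium', 'name' => 'Gemnasium' } },
  'vulnerabilities' => [
    finding('gemnasium', 'CVE-2020-0001', 'rails'),
    finding('gemnasium', 'CVE-2020-0002', 'nokogiri'),
    finding('retire.js', 'CVE-2020-0003', 'jquery')
  ]
}.freeze

REPORT_2 = {
  'version' => '15.0.0',
  'scan' => { 'scanner' => { 'id' => 'gemnasium', 'name' => 'Gemnasium' } },
  'vulnerabilities' => [
    finding('gemnasium', 'CVE-2020-0001', 'rails'),
    finding('retire.js', 'CVE-2020-0004', 'lodash')
  ]
}.freeze

REPORT_3 = {
  'version' => '15.0.0',
  'scan' => { 'scanner' => { 'id' => 'gemnasium', 'name' => 'Gemnasium' } },
  'vulnerabilities' => [finding('gemnasium', 'CVE-2020-0001', 'rails')]
}.freeze

# Simplified fingerprint used to match a finding across pipelines:
# scanner + primary identifier + location. GitLab's real fingerprinting
# is more elaborate; this is only enough to compare the sample reports.
def finding_key(v)
  ident = v.fetch('identifiers').first
  [v.dig('scanner', 'id'), ident['type'], ident['value'],
   v.dig('location', 'file'),
   v.dig('location', 'dependency', 'package', 'name')].join('|')
end

def findings_by_scanner(report)
  report.fetch('vulnerabilities', []).group_by { |v| v.dig('scanner', 'id') }
end

# Names of previously reported findings that the current report no longer
# contains, evaluated per scanner. A scanner absent from the current report
# says nothing about its earlier findings, so those are left untouched.
def resolvable_findings(previous_report, current_report)
  prev = findings_by_scanner(previous_report)
  curr = findings_by_scanner(current_report)
  curr.flat_map do |scanner_id, current|
    seen = current.map { |v| finding_key(v) }.to_set
    prev.fetch(scanner_id, []).reject { |v| seen.include?(finding_key(v)) }
  end.map { |v| v['name'] }.sort
end

# Hypothetical model of a single-scanner assumption: trust only the report's
# top-level scan.scanner and ignore findings from any other scanner. This is
# an illustration for contrast, not the code that #382625 introduced.
def resolvable_findings_single_scanner(previous_report, current_report)
  scanner_id = current_report.dig('scan', 'scanner', 'id')
  prev = findings_by_scanner(previous_report).fetch(scanner_id, [])
  seen = findings_by_scanner(current_report).fetch(scanner_id, [])
                                            .map { |v| finding_key(v) }.to_set
  prev.reject { |v| seen.include?(finding_key(v)) }.map { |v| v['name'] }.sort
end

if __FILE__ == $PROGRAM_NAME
  puts "per scanner:     #{resolvable_findings(REPORT_1, REPORT_2).inspect}"
  puts "single scanner:  #{resolvable_findings_single_scanner(REPORT_1, REPORT_2).inspect}"
  puts "scanner missing: #{resolvable_findings(REPORT_1, REPORT_3).inspect}"
end
```

Running report 1 followed by report 2 should resolve one finding from each scanner; the single-scanner model leaves the stale retire.js finding open. Running report 1 followed by a report that contains only gemnasium findings must not resolve anything from retire.js, which is the case worth checking in the two-pipeline validation above.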
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by mo khan