
Update CVS spec, remove check for old vulnerability

Will Meek requested to merge cvs_spec_updates into master

What does this MR do and why?

Update the Continuous Vulnerability Scanning test. This test generates a new SBOM and, as per #491595 (closed), the 14-day limit no longer applies, so remove the "not_to have" check.

(Note there will also be a change to GitLab QA to remove https://gitlab.com/gitlab-org/gitlab-qa/-/blob/master/fixtures/cvs/vulnerabilities_template.erb#L2 - but the change in this MR will 'ignore' it anyway)

Also remove unnecessary fixtures - the basic Dependency Scanning CI template will generate our SBOM.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Build QA image:
     gitlab % docker build -t gitlab/gitlab-ee-qa:cvstest --file ./qa/Dockerfile ./
  2. Tag GitLab image:
     docker pull --platform linux/x86_64 gitlab/gitlab-ee:nightly
     docker tag gitlab/gitlab-ee:nightly gitlab/gitlab-ee:cvstest
  3. Run from GitLab-QA directory:
     GITLAB_LICENSE_MODE=test CHROME_DISABLE_DEV_SHM=true QA_SKIP_PULL=TRUE ./exe/gitlab-qa Test::Integration::ContinuousVulnerabilityScanning gitlab/gitlab-ee:cvstest
Edited by Will Meek
