Update CVS spec, remove check for old vulnerability
What does this MR do and why?
Update the Continuous Vulnerability Scanning test. This test generates a new SBOM and, as per #491595 (closed), the 14 day limit no longer applies, so remove the "not_to have" check.
(Note there will also be a change to GitLab QA to remove https://gitlab.com/gitlab-org/gitlab-qa/-/blob/master/fixtures/cvs/vulnerabilities_template.erb#L2 - but the change in this MR will 'ignore' it anyway)
Also remove unnecessary fixtures - the basic Dependency Scanning CI template will generate our SBOM.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Build QA image
gitlab % docker build -t gitlab/gitlab-ee-qa:cvstest --file ./qa/Dockerfile ./
- Tag GitLab image
docker pull --platform linux/x86_64 gitlab/gitlab-ee:nightly
docker tag gitlab/gitlab-ee:nightly gitlab/gitlab-ee:cvstest
- Run from GitLab-QA directory
GITLAB_LICENSE_MODE=test CHROME_DISABLE_DEV_SHM=true QA_SKIP_PULL=TRUE ./exe/gitlab-qa Test::Integration::ContinuousVulnerabilityScanning gitlab/gitlab-ee:cvstest
Edited by Will Meek