Skip to content

Change location fingerprint calculation

Can Eldem requested to merge new-fingerprint-for-cs into master

What does this MR do?

This MR introduces new method to calculate new location fingerprint for vulnerabilities reported by container scanning. Location fingerprint currently used in MR widget to compare vulnerabilities. This is a temporary method. Once all existing records are updated in DB we will switch fingerprint_data with

new version

 def fingerprint_data
   "#{docker_image_name_without_tag}:#{package_name}"
 end             

fingerprint_data is called from Reports::Security::Locations::Base#fingerprint (template design pattern)

Details can be found in #215466 (closed) implementation plan section

There will be a follow up MR to use new_fingerprint

Related issue

#215466 (closed)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Adam Cohen

Merge request reports

Loading