Drop support for deprecated security report schemas
What does this MR do and why?
Related issue: #351003 (closed)
We now have directories for each supported schema version:
lib/gitlab/ci/parsers/security/validators/schemas structure

```
gitlab/lib/gitlab/ci/parsers/security/validators/schemas on master ➜ tree -L 2
.
├── 14.0.0
│   ├── container-scanning-report-format.json
│   ├── coverage-fuzzing-report-format.json
│   ├── dast-report-format.json
│   ├── dependency-scanning-report-format.json
│   ├── sast-report-format.json
│   └── secret-detection-report-format.json
├── 14.0.1
│   ├── container-scanning-report-format.json
│   ├── coverage-fuzzing-report-format.json
│   ├── dast-report-format.json
│   ├── dependency-scanning-report-format.json
│   ├── sast-report-format.json
│   └── secret-detection-report-format.json
├── 14.0.2
│   ├── container-scanning-report-format.json
│   ├── coverage-fuzzing-report-format.json
│   ├── dast-report-format.json
│   ├── dependency-scanning-report-format.json
│   ├── sast-report-format.json
│   └── secret-detection-report-format.json
├── 14.0.3
│   ├── container-scanning-report-format.json
│   ├── coverage-fuzzing-report-format.json
│   ├── dast-report-format.json
│   ├── dependency-scanning-report-format.json
│   ├── sast-report-format.json
│   └── secret-detection-report-format.json
├── 14.0.4
│   ├── cluster-image-scanning-report-format.json
│   ├── container-scanning-report-format.json
│   ├── coverage-fuzzing-report-format.json
│   ├── dast-report-format.json
│   ├── dependency-scanning-report-format.json
│   ├── sast-report-format.json
│   └── secret-detection-report-format.json
├── 14.0.5
│   ├── cluster-image-scanning-report-format.json
│   ├── container-scanning-report-format.json
│   ├── coverage-fuzzing-report-format.json
│   ├── dast-report-format.json
│   ├── dependency-scanning-report-format.json
│   ├── sast-report-format.json
│   └── secret-detection-report-format.json
├── 14.0.6
│   ├── cluster-image-scanning-report-format.json
│   ├── container-scanning-report-format.json
│   ├── coverage-fuzzing-report-format.json
│   ├── dast-report-format.json
│   ├── dependency-scanning-report-format.json
│   ├── sast-report-format.json
│   └── secret-detection-report-format.json
├── 14.1.0
│   ├── cluster-image-scanning-report-format.json
│   ├── container-scanning-report-format.json
│   ├── coverage-fuzzing-report-format.json
│   ├── dast-report-format.json
│   ├── dependency-scanning-report-format.json
│   ├── sast-report-format.json
│   └── secret-detection-report-format.json
├── 14.1.1
│   ├── cluster-image-scanning-report-format.json
│   ├── container-scanning-report-format.json
│   ├── coverage-fuzzing-report-format.json
│   ├── dast-report-format.json
│   ├── dependency-scanning-report-format.json
│   ├── sast-report-format.json
│   └── secret-detection-report-format.json
├── dependency-scanning-report-format.json -> 14.0.0/dependency-scanning-report-format.json
├── sast-report-format.json
└── secret-detection-report-format.json
```
So we simply remove the ones that are not in a versioned subdirectory. In `lib/gitlab/ci/parsers/security/validators/schema_validator.rb` we added `PREVIOUS_RELEASES`, which lists the versions of https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/tags that we consider unsupported in %15.0. We also used Sisense to determine which other versions of the security report schema were in use (`KNOWN_VERSIONS_TO_REMOVE`) and marked them as unsupported as well (`VERSIONS_TO_REMOVE_IN_15_0`).

From %15.0 we will enforce schema validation, and reports that use a version that is NOT in `SUPPORTED_VERSIONS` or `DEPRECATED_VERSIONS` will not be ingested. Reports using a version in `DEPRECATED_VERSIONS` will emit a warning.
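As an added example, not code from this MR or from GitLab's own `schema_validator.rb`, here is a minimal Ruby version gate with the behaviour the paragraph above describes: supported versions are accepted, deprecated versions are accepted with a warning, and anything else is rejected before any schema is looked up. The two version lists and the sample report fragments are constructed for the example; the schema path follows the directory layout shown in the tree.

```ruby
require 'json'

# Added example (not the project's schema_validator.rb): the version gate that
# %15.0 enforces, as described above. Version lists are constructed for the
# example; the real SUPPORTED_VERSIONS/DEPRECATED_VERSIONS live in the validator.
module SchemaVersionGate
  SCHEMA_ROOT = 'lib/gitlab/ci/parsers/security/validators/schemas'.freeze
  # Assumed for the example: the newest directories in the tree are fully supported...
  SUPPORTED_VERSIONS = %w[14.0.4 14.0.5 14.0.6 14.1.0 14.1.1].freeze
  # ...and the older ones are still ingested, but only with a warning.
  DEPRECATED_VERSIONS = %w[14.0.0 14.0.1 14.0.2 14.0.3].freeze

  Result = Struct.new(:valid, :schema_path, :errors, :warnings, keyword_init: true)

  # Schema files live in one directory per version and use hyphenated report
  # names, while CI artifact types use underscores (e.g. dependency_scanning).
  def self.schema_path_for(report_type, version)
    "#{SCHEMA_ROOT}/#{version}/#{report_type.tr('_', '-')}-report-format.json"
  end

  # Gate a parsed report on its declared schema version. Only the version
  # decision is shown; the JSON Schema validation itself is out of scope here.
  def self.check(report_type, report)
    errors = []
    warnings = []
    version = report['version'].to_s

    if version.empty?
      # Without a version no schema can be selected, so the report is rejected.
      errors << 'report has no "version" field'
    elsif DEPRECATED_VERSIONS.include?(version)
      # Deprecated: still ingested, but flagged so the pipeline can be fixed.
      warnings << "schema version #{version} is deprecated; upgrade the analyzer"
    elsif !SUPPORTED_VERSIONS.include?(version)
      # Unknown version (including the old unversioned-era schemas): reject
      # instead of guessing which schema to validate against.
      errors << "schema version #{version} is not supported"
    end

    path = errors.empty? ? schema_path_for(report_type, version) : nil
    Result.new(valid: errors.empty?, schema_path: path, errors: errors, warnings: warnings)
  end
end

# Constructed sample report fragments (real reports also carry findings).
SAMPLE_OK  = JSON.parse('{"version": "14.1.1", "vulnerabilities": []}')
SAMPLE_OLD = JSON.parse('{"version": "14.0.0", "vulnerabilities": []}')
SAMPLE_BAD = JSON.parse('{"version": "2.4", "vulnerabilities": []}')
```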
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.