Generate vulnerability ID
What does this MR do?
Customize JSON marshaling in order to add an `id` field to vulnerabilities. The `id` is the SHA-256 hash of a string that combines all the fields of the `Issue` struct, and that excludes `id` since it's not a struct field. Ideally the `id` should be a randomly generated UUID but right now it has to be predictable because of the current implementation of klar and gemnasium - see dedicated discussion.
- Bump minor of format version
- Add new `Issue.ID()` function
- Add new `id` field to JSON vulnerabilities, dynamically set to `Issue.ID()`
- Add `Ref.ID`, to be serialized as `id`
- Provide helper function `NewRef` to easily create references
- Say about `CompareKey` being deprecated, in the code comments
What are the relevant issue numbers?
gitlab-org/gitlab#36777 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- [-] Documentation created/updated for GitLab EE, if necessary
- [-] Documentation created/updated for this project, if necessary
- [-] Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug; See integration tests
- [-] Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
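The approach described above (a predictable `id` derived by hashing the struct fields and injected through custom JSON marshaling), as an added sketch that is not the code from this MR. The reduced `Issue` field set and the length-prefixed field encoding are assumptions; the MR does not state how the fields are combined.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Issue is a hypothetical, reduced vulnerability record (assumed fields).
type Issue struct {
	Category string `json:"category"`
	Name     string `json:"name"`
	Location string `json:"location"`
}

// ID returns the hex SHA-256 over all struct fields. Each field is written
// with a length prefix (an assumption of this sketch) so that ("ab","c")
// and ("a","bc") cannot produce the same hash input.
func (i Issue) ID() string {
	h := sha256.New()
	for _, f := range []string{i.Category, i.Name, i.Location} {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// MarshalJSON emits the struct fields plus the computed "id", which is not
// stored on the struct and therefore never feeds back into the hash.
func (i Issue) MarshalJSON() ([]byte, error) {
	type plain Issue // same fields, no methods: avoids infinite recursion
	return json.Marshal(struct {
		ID string `json:"id"`
		plain
	}{ID: i.ID(), plain: plain(i)})
}

func main() {
	// Constructed sample finding.
	out, err := json.Marshal(Issue{
		Category: "dependency_scanning",
		Name:     "Example finding",
		Location: "Gemfile.lock",
	})
	if err != nil {
		panic(err)
	}
	fmt.Println(string(out))
}
```

Because the `id` is a pure function of the fields, two scans that report the same finding yield the same `id`, and any field change yields a different one.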