Use report schema v15.0.0
What does this MR do?
Re-implementing !41 (merged)
Modifies CurrentVersion()
so generated reports default to version 15.0.0
of the Security Report Schema. This is consistent with the shape of the generated report after !38 (merged) was merged.
This impetus for this change is that groupstatic analysis analysers use the compare_reports script for QA tests, which extracts the version
out of the generated report in order to fetch the corresponding schema to validate it against. When the report
package is upgraded in these analysers (and they begin to generate v15.0.0
compliant reports), version: "14.0.4"
is still being specified in the generated reports. This causes schema validation to fail in some cases, notably because cve
is a required property in 14.x
, but the changes to the report package for 15.x
support omits the cve
field entirely if it's empty.
There's some additional context on Slack.
What are the relevant issue numbers?
gitlab-org/gitlab#375364 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Ensure the report version matches the equivalent schema version -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer