Skip to content

Ignore vulnerability id field during DS, SAST QA

Fabien Catteau requested to merge ignore-vuln-id-during-qa into master

Ignore id field when comparing vulnerabilities and remediations during QA for SAST and DS.

Tested in https://gitlab.com/gitlab-org/security-products/tests/go-modules/pipelines/133201297 (DS).

Ignore the id field from vulnerabilities and remediations makes impossible to check whether remediation objects properly reference the vulnerability objects they fixed. That said, right now QA jobs and test projects don't cover Dependency Scanning auto-remediation, so we can consider this is out of scope.

This has not been ported to CS because currently it doesn't use includes-dev/qa-container_scanning.yml, and this file should thus be removed from the https://gitlab.com/gitlab-org/security-products/ci-templates project.

See gitlab-org/gitlab#36777 (closed)

Edited by 🤖 GitLab Bot 🤖

Merge request reports

Loading