Ignore vulnerability id field during DS, SAST QA
Ignore id
field when comparing vulnerabilities
and remediations
during QA for SAST and DS.
Tested in https://gitlab.com/gitlab-org/security-products/tests/go-modules/pipelines/133201297 (DS).
Ignore the id
field from vulnerabilities and remediations makes impossible to check whether remediation objects properly reference the vulnerability objects they fixed. That said, right now QA jobs and test projects don't cover Dependency Scanning auto-remediation, so we can consider this is out of scope.
This has not been ported to CS because currently it doesn't use includes-dev/qa-container_scanning.yml
, and this file should thus be removed from the https://gitlab.com/gitlab-org/security-products/ci-templates project.
Edited by 🤖 GitLab Bot 🤖