Draft: Remove misleading deprecation notice for the cve property (!95) · Merge requests · GitLab.org / security-products / Security Report Schemas

Olivier Gonzalez requested to merge gonzoyumo-master-patch-54421 into master Dec 10, 2021

What does this MR do?

The cve property is not yet Deprecated totally.

The cve was initially used for 2 purposes: matching finding with "Feedback" and matching finding with "Remediations". The later usage has been replaced with vulnerabilities[].id as part of gitlab-org/gitlab#36777 (closed). The former is still pending and tracked with gitlab-org&2791.

While the schema still declares that property as required, the deprecation notice in the description misleads some users. It should be added back once the field is no longer required by the schema.

Availability and Testing

Review and add/update tests for this feature/bug

Approvals

groupcomposition analysis (add your name when approving)
groupstatic analysis (add your name when approving)
groupdynamic analysis (add your name when approving)
groupthreat insights (add your name when approving)
~"group::container security" (add your name when approving)

Edited Dec 10, 2021 by Olivier Gonzalez

Draft: Remove misleading deprecation notice for the cve property

What does this MR do?

Availability and Testing

Approvals

Merge request reports