Broken gl-container-scanning-report.json causes the Security Dashboard to show no vulnerabilities
Summary
A broken gl-container-scanning-report.json causes the Security Dashboard to show no vulnerabilities.
Steps to reproduce
- Copy gl-container-scanning-report.json and set it to artifacts.reports.container_scanning in .gitlab-ci.yml for GitLab CI
- Run a pipeline
- See Project Security Dashboard
Similar procedure: #35569 (comment 271579618)
Example Project
- https://gitlab.com/tnir/trivy-ci-test (security dashboard for limited persons)
What is the current bug behavior?
Project Security Dashboard shows no vulnerabilities. (So do the Group/Instance Security Dashboards.)
What is the expected correct behavior?
Project Security Dashboard shows the correct vulnerabilities. (So do the Group/Instance Security Dashboards.)
Relevant logs and/or screenshots
https://github.com/aquasecurity/trivy-ci-test/pull/7#issuecomment-587354942 (GitLab CI/CD for GitHub)
Output of checks
This bug happens on GitLab.com (EE 12.7.0-pre f083bd5e)
Possible fixes
JSON validation is required when or after gl-container-scanning-report.json is uploaded on CI.
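
One way a CI job could run such a check before the artifact is uploaded, so that a broken report fails the pipeline instead of yielding an empty dashboard. This is an added example, not GitLab's own validation code; the required-key list, the function names and the sample report are assumptions made for illustration and do not reproduce the full report schema.

```python
import json
import sys

# Assumption: a usable report is a JSON object with a "vulnerabilities" list
# whose entries are objects carrying at least these keys. This is a minimal
# illustrative subset, not the complete GitLab report schema.
REQUIRED_KEYS = ("severity", "location", "identifiers")

def validate_report(text):
    """Return a list of problems; an empty list means the report passed."""
    try:
        report = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno}, col {exc.colno})"]
    if not isinstance(report, dict):
        return ["top level must be a JSON object"]
    vulns = report.get("vulnerabilities")
    if not isinstance(vulns, list):
        return ['"vulnerabilities" is missing or is not a list']
    problems = []
    for i, vuln in enumerate(vulns):
        if not isinstance(vuln, dict):
            problems.append(f"vulnerabilities[{i}] is not an object")
            continue
        missing = [k for k in REQUIRED_KEYS if k not in vuln]
        if missing:
            problems.append(f"vulnerabilities[{i}] lacks: {', '.join(missing)}")
    return problems

def main(path):
    """Validate the file at path; return a process exit code (0 = ok)."""
    with open(path, encoding="utf-8") as fh:
        problems = validate_report(fh.read())
    for problem in problems:
        print(f"{path}: {problem}", file=sys.stderr)
    return 1 if problems else 0

# Constructed sample data (placeholder values, not taken from a real scan).
GOOD = json.dumps({"version": "2.3", "vulnerabilities": [{
    "severity": "High",
    "location": {"image": "example/image:tag"},
    "identifiers": [{"type": "cve", "name": "CVE-0000-0000",
                     "value": "CVE-0000-0000"}]}]})
TRUNCATED = GOOD[:-20]  # simulates a report cut off mid-write

if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1
                  else "gl-container-scanning-report.json"))
```

Run as a script step after the scanner and before the job ends, a non-zero exit marks the job failed while the report is still available for inspection.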