Use the new `id` property instead of `cve` for remediations when parsing common security report format

Problem to solve

After the addition of the new `id` property to replace the legacy `cve` one, we need to leverage it when parsing the security reports in the Rails backend.

Intended users

Further details

Proposal

  • Update the common security parser to use `id` instead of `cve` if available when handling remediations. We should fall back to `cve` if there is no `id`.

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

Reports submitted with an `id` property for vulnerabilities and remediations are correctly parsed by the Rails application.

What is the type of buyer?

GitLab Ultimate

Links / references

Implementation plan

  • Change the common parser to adopt `id` instead of `cve` where possible
Edited by Can Eldem
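
The lookup the proposal describes, written out as an added example (not GitLab's parser code): each remediation fix is matched to a vulnerability by `id` when present and by the legacy `cve` otherwise, and fixes that match nothing are reported instead of silently dropped. The `fixes` array layout, the `name` and `summary` fields, the helper names `lookup_key` and `link_remediations`, and all sample values are assumptions constructed for illustration.

```ruby
require 'json'

# Constructed sample report. The layout (remediations[].fixes[] carrying
# `id` or the legacy `cve`) is an assumption, not taken from the issue.
SAMPLE_REPORT = JSON.parse(<<~JSON)
  {
    "vulnerabilities": [
      {"id": "vuln-uuid-1", "cve": "legacy-key-1", "name": "A"},
      {"cve": "legacy-key-2", "name": "B"},
      {"id": "vuln-uuid-3", "cve": "legacy-key-3", "name": "C"}
    ],
    "remediations": [
      {"summary": "Upgrade nokogiri", "fixes": [{"id": "vuln-uuid-1"}]},
      {"summary": "Upgrade rack", "fixes": [{"cve": "legacy-key-2"}]},
      {"summary": "Orphan", "fixes": [{"id": "missing"}]},
      {"summary": "Malformed", "fixes": [{}]}
    ]
  }
JSON

# Prefer `id`; fall back to legacy `cve`; nil when neither is usable.
def lookup_key(entry)
  %w[id cve].each do |field|
    value = entry[field]
    return [field, value] if value.is_a?(String) && !value.empty?
  end
  nil
end

# Returns vulnerability name => remediation summaries, plus the summaries of
# remediations whose fix reference matched no vulnerability in the report.
def link_remediations(report)
  index = {}
  report.fetch('vulnerabilities', []).each do |vuln|
    # Index under both fields so a cve-only fix still finds its vulnerability.
    %w[id cve].each { |f| index[[f, vuln[f]]] = vuln if vuln[f].is_a?(String) && !vuln[f].empty? }
  end

  linked = Hash.new { |hash, key| hash[key] = [] }
  unmatched = []
  report.fetch('remediations', []).each do |rem|
    rem.fetch('fixes', []).each do |fix|
      vuln = index[lookup_key(fix)]
      vuln ? linked[vuln['name']] << rem['summary'] : unmatched << rem['summary']
    end
  end
  { linked: linked, unmatched: unmatched }
end
```

Keying the index on the `[field, value]` pair keeps an `id` value from ever matching a `cve` value that happens to be the same string.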