Create a generic security report schema
Why are we doing this work
Part of delivering the parent Epic's expected outcome item 1 is to create a new security report JSON schema as a distribution artefact in https://gitlab.com/gitlab-org/security-products/security-report-schemas.
This generic security report schema, henceforth known as the security report schema, facilitates the creation of new security analyzers without requiring a new schema, backend or frontend work. The details are explained in #233168 (closed).
Non-functional requirements
- src/security-report-format.json is still used as a base for all schemata.
- A new major version of all schemata is released.
- The resulting schema in dist matches the implementation in the PoC MR.
- Given the extra work required to remove the type property, which is required to unify schemata, this implementation is not dependent on it. See #284063 (comment 449596263).
Implementation plan
- Generate a new schema called dist/security-report-format.json under the security-report-schemas project. This could potentially become the "unified" schema at some stage.
- Update all schemata to have the new details field. This can be done by adding it to src/security-report-format.json.
- Bump the patch version of all schemata (SchemaVer addition).
- Release new version.
Edited by Alan (Maciej) Paruszewski