Validate generated security report against the correct schema
Why are we doing this work
As mentioned in gitlab-org/security-products/analyzers/container-scanning!2583 (merged), the reports generated by the container-scanning analyzer need to comply with the corresponding version of the https://gitlab.com/gitlab-org/security-products/security-report-schemas/.
Integration tests currently use a git submodule to load schemas and for some reason it seems that this is not being updated.
Bug Behavior
This pipeline with missing required fields should fail, but does not.
Additionally, we cannot make the tests use a specific schema version.
Possible fixes
- Have the CI retrieve the schemas with
git clone
. - Fix the submodules to work correctly
Edited by Brian Williams