Extend JSON schema: allow directions on if and where to link vulnerability location.file
The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
Release notes
Problem to solve
Cached files give an error.
Proposal
Extending the JSON schema and discussing the new field ("don't link me"): whether it should be in the generic schema, where it should live, what it should be called, and whether anyone else needs it. Start with TI but move it to SCA if only DS needs it (CS I don't think runs into a problem of people removing containers? maybe?).
Assuming this new field/structure is optional, I think it makes sense to include it in the generic/base schema so it is available for any other scanners—especially external ones—that might benefit from it.
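As an added illustration of what an optional "don't link me" field would look like to a consumer (this is example code, not GitLab's schema or code; the field name `file_link`, its `link`/`path` shape, and the sample report are all assumptions made here), the snippet below keeps the current behaviour when the field is absent, suppresses the link when a scanner marks the file as unavailable (for example a cached file that was removed), and lets a scanner redirect the link to a different path:

```python
import json
from typing import Optional

# Constructed sample report, not real scanner output. "file_link" is a hypothetical
# name and shape for the optional field proposed in this issue; the real schema may
# differ. "vendor/lib.js" and "src/lib.js" are made-up paths.
SAMPLE_REPORT = json.loads("""
{
  "version": "15.0.0",
  "vulnerabilities": [
    {"id": "a", "location": {"file": "src/app.py", "start_line": 10}},
    {"id": "b", "location": {"file": ".cache/pip/requests-2.31.0.tar.gz",
                              "file_link": {"link": false}}},
    {"id": "c", "location": {"file": "vendor/lib.js",
                              "file_link": {"link": true, "path": "src/lib.js"}}}
  ]
}
""")


def validate_file_link(link) -> list:
    """Return schema-style error strings for one file_link value.

    Absence of the field is valid because it is optional; this only checks a
    value that is present. Mirrors what a JSON Schema for the field would enforce.
    """
    errors = []
    if not isinstance(link, dict):
        return ["file_link must be an object"]
    if "link" not in link or not isinstance(link["link"], bool):
        errors.append("file_link.link must be a boolean")
    if "path" in link:
        if not isinstance(link["path"], str) or not link["path"]:
            errors.append("file_link.path must be a non-empty string")
        elif link.get("link") is False:
            errors.append("file_link.path has no meaning when link is false")
    for key in link:
        if key not in ("link", "path"):
            errors.append(f"unexpected property file_link.{key}")
    return errors


def resolve_file_link(vuln: dict) -> Optional[str]:
    """Decide which path, if any, a UI should link for this vulnerability.

    Field missing  -> link location.file (today's behaviour, so old reports are unaffected)
    link == false  -> no link at all
    link == true   -> link file_link.path if given, else location.file
    """
    location = vuln.get("location", {})
    file_path = location.get("file")
    link = location.get("file_link")
    if link is None:
        return file_path
    if validate_file_link(link):
        # Design choice for this example: an invalid hint degrades to the old
        # behaviour instead of dropping the finding. A strict validator would
        # reject the whole report instead.
        return file_path
    if not link["link"]:
        return None
    return link.get("path", file_path)


def link_targets(report: dict) -> dict:
    """Map vulnerability id -> path to link (None means render the file name unlinked)."""
    return {v["id"]: resolve_file_link(v) for v in report.get("vulnerabilities", [])}
```

Because the default path is taken whenever the field is absent, an external scanner that never emits it sees no change, which is the property that makes placing the field in the generic/base schema safe.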
Documentation
Update the third-party integration docs and any of our own docs that describe the report schema.
Availability & Testing
This section needs to be retained and filled in during the workflow planning breakdown phase of this feature proposal, if not earlier.
What risks does this change pose to our availability? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing?
Please list the test areas (unit, integration and end-to-end) that need to be added or updated to ensure that this feature will work as intended. Please use the list below as guidance.
- Unit test changes
- Integration test changes
- End-to-end test changes
See the test engineering planning process and reach out to your counterpart Software Engineer in Test for assistance: https://about.gitlab.com/handbook/engineering/quality/test-engineering/#test-planning
Is this a cross-stage feature?
Category:Container Scanning @sam.white
Category:SAST @tmccaslin
groupthreat insights @matt_wilson