
Automatic validation of JSON Security Reports

Problem to solve

We need to provide a way to automatically validate any security report by leveraging the JSON Schema defined in #34652 (closed).

Intended users

Further details

Proposal

Multiple options to explore:

  • implement validation on the Rails side when a report is parsed
  • implement validation on the Go side when a report is generated by an analyzer
  • compliance with the JSON schema for Secure reports could be tested as part of QA, in the CI pipelines of the scanners we (GitLab Secure backend teams) maintain. #216901 (closed)

Permissions and Security

Documentation

Testing

The QA specs should be updated by the SET to introduce JSON validation against the schemas. All generated JSON should be valid.
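The Rails-side option in the proposal (validate when a report is parsed) and the QA requirement above (every generated report must validate against the schema) both reduce to the same check. The following is an added example in Ruby, not GitLab code and not the real Secure report schema: a small stdlib-only validator covering the JSON Schema keywords the check needs (`type`, `required`, `properties`, `items`, `enum`, `minItems`, `pattern`), a constructed, simplified stand-in schema, and two constructed sample reports. A production implementation would use a full JSON Schema library (for example the `json_schemer` gem) rather than this subset; the point shown is that a parser which silently accepts a malformed report (a lower-case severity, a scanner without an `id`) should instead reject the artifact with a path to each defect.

```ruby
require 'json'

# Minimal JSON Schema subset validator. Added example, not GitLab code;
# a real implementation should use a full JSON Schema library.
module ReportSchema
  TYPE_CHECKS = {
    'object'  => ->(v) { v.is_a?(Hash) },
    'array'   => ->(v) { v.is_a?(Array) },
    'string'  => ->(v) { v.is_a?(String) },
    'number'  => ->(v) { v.is_a?(Numeric) },
    'integer' => ->(v) { v.is_a?(Integer) },
    'boolean' => ->(v) { v == true || v == false },
    'null'    => ->(v) { v.nil? }
  }.freeze

  # Returns a list of "path: message" strings; an empty list means valid.
  def self.validate(schema, value, path = '$', errors = [])
    if (type = schema['type'])
      types = Array(type)
      unless types.any? { |t| TYPE_CHECKS.fetch(t).call(value) }
        errors << "#{path}: expected #{types.join('|')}, got #{value.class}"
        return errors # remaining keyword checks assume the right type
      end
    end

    if (allowed = schema['enum']) && !allowed.include?(value)
      errors << "#{path}: #{value.inspect} not in #{allowed.inspect}"
    end

    if (pattern = schema['pattern']) && value.is_a?(String) && value !~ Regexp.new(pattern)
      errors << "#{path}: #{value.inspect} does not match /#{pattern}/"
    end

    if value.is_a?(Hash)
      Array(schema['required']).each do |key|
        errors << "#{path}: missing required property #{key.inspect}" unless value.key?(key)
      end
      (schema['properties'] || {}).each do |key, subschema|
        validate(subschema, value[key], "#{path}.#{key}", errors) if value.key?(key)
      end
    end

    if value.is_a?(Array)
      if (min = schema['minItems']) && value.length < min
        errors << "#{path}: expected at least #{min} items, got #{value.length}"
      end
      if (item_schema = schema['items'])
        value.each_with_index { |item, i| validate(item_schema, item, "#{path}[#{i}]", errors) }
      end
    end

    errors
  end
end

# Constructed, simplified stand-in for the Secure report schema (not the real one).
REPORT_SCHEMA = JSON.parse(<<~'SCHEMA')
  {
    "type": "object",
    "required": ["version", "vulnerabilities"],
    "properties": {
      "version": { "type": "string", "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$" },
      "vulnerabilities": {
        "type": "array",
        "items": {
          "type": "object",
          "required": ["category", "name", "severity", "scanner", "location"],
          "properties": {
            "category": { "type": "string", "enum": ["sast", "dependency_scanning", "container_scanning", "dast", "secret_detection"] },
            "name": { "type": "string" },
            "severity": { "type": "string", "enum": ["Info", "Unknown", "Low", "Medium", "High", "Critical"] },
            "scanner": { "type": "object", "required": ["id", "name"],
                         "properties": { "id": { "type": "string" }, "name": { "type": "string" } } },
            "location": { "type": "object" }
          }
        }
      }
    }
  }
SCHEMA

# Constructed sample: a well-formed report as an analyzer would emit it.
VALID_REPORT = {
  'version' => '2.3',
  'vulnerabilities' => [
    { 'category' => 'sast', 'name' => 'Hard-coded credential', 'severity' => 'High',
      'scanner' => { 'id' => 'example-analyzer', 'name' => 'Example Analyzer' },
      'location' => { 'file' => 'app/config.rb', 'start_line' => 12 } }
  ]
}

# Constructed sample: same report with two defects a lenient parser would accept
# (lower-case severity, scanner without an id).
INVALID_REPORT = {
  'version' => '2.3',
  'vulnerabilities' => [
    { 'category' => 'sast', 'name' => 'Hard-coded credential', 'severity' => 'high',
      'scanner' => { 'name' => 'Example Analyzer' },
      'location' => { 'file' => 'app/config.rb', 'start_line' => 12 } }
  ]
}

# Entry point for the "validate when the report is parsed" option: parse the
# artifact text, validate it, return the defects (callers reject on non-empty).
def validate_report_json(json_text, schema = REPORT_SCHEMA)
  ReportSchema.validate(schema, JSON.parse(json_text))
end

if __FILE__ == $PROGRAM_NAME
  p validate_report_json(JSON.generate(VALID_REPORT))
  puts validate_report_json(JSON.generate(INVALID_REPORT))
end
```

In a QA spec the same call becomes a single assertion per generated artifact (`expect(validate_report_json(File.read(path))).to be_empty`), and in the Rails parser a non-empty result is the signal to reject the report rather than ingest a partial one.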

Any unit test spec updates would be made by the engineer.

What does success look like, and how can we measure that?

What is the type of buyer?

Mostly GitLab Ultimate; it could also apply to Core users for SAST with #32602 (closed).

Links / references

Edited by Fabien Catteau