Enable Suggested Solution (was Auto Remediation) for Container Scanning
Problem to solve
Output remediation fields in the container scanning report in order to allow us to implement the Basic auto-remediation process.
See #9384 (closed) for more details
Target audience
- Sasha, Software Developer
- Sam, Security Analyst
Further details
By outputting remediation fields in the container scanning report, we can eventually support building a UI to allow customers to create merge requests to apply the vulnerability fixes.
Implementation Plan
Backend - person
- Update GitLab klar to include a separate remediation entry for each vulnerability provided by klar that has a fixedby field
- Add tests for the above code changes
- Test behaviour in the container scanning test project
Documentation - person
- Update the GitLab Container Scanning Documentation to include details about remediation fields in the container scanning report, similar to the Auto-remediation section of Dependency Scanning
@NicoleSchwartz
Product Management -
- No Release Post (this is enabling but not useable yet)
Edited by Nicole Schwartz