Add scan.analyzer support to gemnasium

Proposal

Now that the report package has been updated to Add support for the `analyzer` field (gitlab-org/security-products/analyzers/report!28 - merged), we need to update gemnasium to use this version of the report package and populate the scan.analyzer object with valid details.

Implementation plan

  • bump gemnasium to use report v3.11.0 - https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/blob/master/go.mod#L15
  • update gemnasium convert package to add Analyzer attribute to Config https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/blob/master/convert/convert.go#L20
  • update the metadata of each analyzer
    • https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/blob/master/metadata/metadata.go
    • https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/blob/master/cmd/gemnasium-maven/metadata/metadata.go
    • https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/blob/master/cmd/gemnasium-python/metadata/metadata.go
  • release new version of Gemnasium

/cc @fcatteau @gonzoyumo @sam.white

Edited Aug 02, 2022 by Fabien Catteau
Assignee Loading
Time tracking Loading