Adopt security report schema 15-0-0 in Container Scanning
Why are we doing this work
The security report schema version 15-0-0 will be released in GitLab %15.4. Previous versions will be deprecated in GitLab %15.8 for removal in %16.0.
The reports produced by the container scanning analyzer must be updated to adopt schema version 15-0-0 or later.
DRI: @adamcohen
Relevant links
Implementation plan
15-0-0 report has already been merged and then reverted
We might want to take the same approach as #368148 (closed)
- Add a CS_SCHEMA_MODEL configuration option to the container scanning environment.
- Update the converter to use schema version 15.0.0 by referencing the MR that first introduced the change. The v15 specific changes should only be done if that major version has been specified.
- Add a spec that checks for the expected v15 report when CS_SCHEMA_MODEL is set to 15.
- Update the Container Scanning CI template and add a CS_SCHEMA_MODEL variable. Set the default to 15.
- Update the following spec files to adhere to the version 15 schema:
Verification steps
- Create a project with container scanning enabled.
- Run the container scanning job with CS_SCHEMA_MODEL set to 14.
- Update the schema model variable to use version 15 and re-run the container scanning job.
- Verify that the reports have been generated with the new schema model changes.
Tested here.
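One way to automate the last verification step, as an added example that is not part of this issue or of the analyzer's code: it compares a report's schema major version with the CS_SCHEMA_MODEL value used for the job. It assumes the report states its schema version in a top-level "version" field formatted as MAJOR.MINOR.PATCH; the function names and sample reports are constructed for illustration.

```ruby
require 'json'

# Added example, not code from the container scanning analyzer.
# Assumption: the report JSON carries its schema version in a top-level
# "version" field formatted as MAJOR.MINOR.PATCH (for example "15.0.0").

# Returns the major schema version of a report as an Integer, or nil when
# the report is not valid JSON or the version field is missing or malformed.
def report_schema_major(report_json)
  report = JSON.parse(report_json)
  return nil unless report.is_a?(Hash)

  match = /\A(\d+)\.\d+\.\d+\z/.match(report['version'].to_s)
  match && match[1].to_i
rescue JSON::ParserError
  nil
end

# True when the report's major version equals the CS_SCHEMA_MODEL value the
# job ran with. An empty or non-numeric model never matches.
def schema_model_matches?(report_json, schema_model)
  expected = Integer(schema_model.to_s, 10, exception: false)
  return false if expected.nil?

  report_schema_major(report_json) == expected
end

# Constructed sample reports, reduced to the fields this check reads.
V14_REPORT = '{"version": "14.1.2", "vulnerabilities": []}'
V15_REPORT = '{"version": "15.0.0", "vulnerabilities": []}'

# Command-line use: ruby check_schema.rb gl-container-scanning-report.json
# The fallback of 15 mirrors the CI template default proposed in the plan.
if __FILE__ == $PROGRAM_NAME && ARGV[0] && File.file?(ARGV[0])
  model = ENV.fetch('CS_SCHEMA_MODEL', '15')
  ok = schema_model_matches?(File.read(ARGV[0]), model)
  puts "#{ARGV[0]}: schema major #{ok ? 'matches' : 'does not match'} CS_SCHEMA_MODEL=#{model}"
end
```

Running it once against the report from the CS_SCHEMA_MODEL=14 job and once against the report from the re-run with 15 covers both halves of the verification steps.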