Adopt security report schema 15-0-0 in Container Scanning

Why are we doing this work

The security report schema version 15-0-0 will be released in GitLab %15.4. Previous versions will be deprecated in GitLab %15.8 for removal in %16.0.

The reports produced by the container scanning analyzer must be updated to adopt schema version 15-0-0 or later.

DRI: @adamcohen

Relevant links

Implementation plan

The MR to output a 15-0-0 report has already been merged and then reverted.

We might want to take the same approach as #368148 (closed).

  1. Add a CS_SCHEMA_MODEL configuration option to the container scanning environment.

  2. Update the converter to use schema version 15.0.0 by referencing the MR that first introduced the change. The v15-specific changes should only be made if that major version has been specified.

  3. Add a spec that checks for the expected v15 report when CS_SCHEMA_MODEL is set to 15.

  4. Update the Container Scanning CI template and add a CS_SCHEMA_MODEL variable. Set the default to 15.

  5. Update the following spec files to adhere to the version 15 schema:

Verification steps

  1. Create a project with container scanning enabled.
  2. Run the container scanning job with CS_SCHEMA_MODEL set to 14.
  3. Update the schema model variable to use version 15 and re-run the container scanning job.
  4. Verify that the reports have been generated with the new schema model changes.

Tested here.
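
Verification step 4 can be automated by comparing the schema major declared in a generated report with the CS_SCHEMA_MODEL value the job ran with. The following is an added example, not code from the container scanning analyzer; it assumes the report declares its schema in a top-level "version" string, and the helper names and sample reports are constructed for illustration.

```ruby
require 'json'

# Added example, not code from the container scanning analyzer.
# Assumption: the report declares its schema in a top-level "version"
# string such as "15.0.0". Helper names here are hypothetical.
SUPPORTED_MODELS = %w[14 15].freeze
DEFAULT_MODEL = '15' # the plan sets the CI template default to 15

# Returns the schema major requested through CS_SCHEMA_MODEL.
def requested_model(env)
  model = env.fetch('CS_SCHEMA_MODEL', DEFAULT_MODEL).to_s.strip
  return model if SUPPORTED_MODELS.include?(model)

  raise ArgumentError, "unsupported CS_SCHEMA_MODEL: #{model.inspect}"
end

# Returns a list of problems; an empty list means the report matches.
def check_report(report_json, env)
  expected = requested_model(env)
  report = JSON.parse(report_json)
  return ['report is not a JSON object'] unless report.is_a?(Hash)

  version = report['version']
  return ['report has no "version" field'] unless version.is_a?(String)

  match = /\A(\d+)\.(\d+)\.(\d+)\z/.match(version)
  return ["malformed version #{version.inspect}"] unless match
  return [] if match[1] == expected

  ["expected schema major #{expected}, report declares #{version}"]
rescue JSON::ParserError => e
  ["report is not valid JSON: #{e.message}"]
end

# Constructed sample reports (not real analyzer output).
V14_REPORT = '{"version": "14.0.6", "vulnerabilities": []}'
V15_REPORT = '{"version": "15.0.0", "vulnerabilities": []}'

if __FILE__ == $PROGRAM_NAME
  # Steps 2 and 3 of the verification list, then a deliberate mismatch.
  p check_report(V14_REPORT, { 'CS_SCHEMA_MODEL' => '14' })
  p check_report(V15_REPORT, { 'CS_SCHEMA_MODEL' => '15' })
  p check_report(V14_REPORT, { 'CS_SCHEMA_MODEL' => '15' })
end
```

In a pipeline, passing `ENV` as the second argument reads the variable the job was actually run with.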

Edited by Adam Cohen