Upgrade SAST analyzers to v3.15.5 of report module
Summary
The gitlab.com/gitlab-org/security-products/analyzers/report/v3 Go module before v3.15.4 generated reports that fail security report v14 schema validation when no dependency files are found. Ingestion of such reports therefore errors out.
Steps to reproduce
- Run a dependency scan on a project that does not contain a parseable lock file, for example a Ruby project with a Gemfile but no Gemfile.lock.
- Verify that the security tab reports that the dependency_files field is required but was not provided.
What is the current bug behavior?
Schema validation fails when no scannable dependency files (for example, Gemfile.lock) are found, because the report omits the required dependency_files field.
What is the expected correct behavior?
The report should output an empty array or a null value for dependency_files when no dependency files are found.
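To show the failure mode concretely, here is an added Go example (not code from the analyzers/report module or this issue): a struct whose dependency_files field carries an `omitempty` tag drops the key entirely when the slice is empty, while the same field without `omitempty` keeps the key as null or `[]`. The struct, field names, the "14.0.0" version string and the MissingRequired helper are assumptions made for this example; the helper only mirrors the "required" presence check of a schema validator, not type checks.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// DependencyFile is a stand-in for one entry of the report's dependency_files
// array. Field names are an assumption for this example, not the report
// module's real types.
type DependencyFile struct {
	Path           string `json:"path"`
	PackageManager string `json:"package_manager"`
}

// reportOmitting drops dependency_files from the JSON whenever the slice has
// length zero (nil or empty), which is what the omitempty tag does.
type reportOmitting struct {
	Version         string           `json:"version"`
	DependencyFiles []DependencyFile `json:"dependency_files,omitempty"`
}

// reportAlways keeps the key: a nil slice serializes as null, an empty
// non-nil slice as [].
type reportAlways struct {
	Version         string           `json:"version"`
	DependencyFiles []DependencyFile `json:"dependency_files"`
}

// schemaVersion is an assumed value for the example, not the real schema id.
const schemaVersion = "14.0.0"

// SerializeOmitting returns the JSON produced with the omitempty tag.
func SerializeOmitting(files []DependencyFile) string {
	b, err := json.Marshal(reportOmitting{Version: schemaVersion, DependencyFiles: files})
	if err != nil {
		panic(err) // cannot happen for these plain types
	}
	return string(b)
}

// SerializeAlways returns the JSON produced without the omitempty tag.
func SerializeAlways(files []DependencyFile) string {
	b, err := json.Marshal(reportAlways{Version: schemaVersion, DependencyFiles: files})
	if err != nil {
		panic(err)
	}
	return string(b)
}

// MissingRequired mirrors the "required" check of a JSON schema validator:
// it returns the names from required that are absent from the top-level
// object. Presence is all it checks; a null value still counts as present.
func MissingRequired(raw string, required []string) ([]string, error) {
	var obj map[string]json.RawMessage
	if err := json.Unmarshal([]byte(raw), &obj); err != nil {
		return nil, err
	}
	var missing []string
	for _, key := range required {
		if _, ok := obj[key]; !ok {
			missing = append(missing, key)
		}
	}
	return missing, nil
}

func main() {
	required := []string{"version", "dependency_files"}
	for _, raw := range []string{
		SerializeOmitting(nil),              // key dropped: fails the required check
		SerializeAlways(nil),                // "dependency_files":null
		SerializeAlways([]DependencyFile{}), // "dependency_files":[]
	} {
		missing, err := MissingRequired(raw, required)
		fmt.Printf("%-55s missing=%v err=%v\n", raw, missing, err)
	}
}
```

Running it prints the three serializations side by side; only the omitempty variant comes back with dependency_files in the missing list, which is the shape of the validation error described in the reproduction steps. If the fixed module should emit `[]` rather than null, the report must initialise the slice to a non-nil empty value before marshalling.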
Fix
Upgrade all SAST analyzers that use versions >= v3.14.0 and <= v3.15.3 of gitlab.com/gitlab-org/security-products/analyzers/report/v3 to v3.15.4 (or later).
Edited by Oscar Tovar