Reports produced by DAST 3.0.60 cannot be ingested by GitLab 15.4.0-ee
Problem
A security report produced by dast 3.0.60, using schema 15.0.2, cannot be ingested by gitlab 15.4.0-ee due to a schema validation error.
The problem doesn't occur on gitlab.com, where schema 15.0.2 is available. This suggests a problem with Validate security report schema using the lates... (#351519 - closed), but this hasn't been confirmed.
[Schema] property '/vulnerabilities/0' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/0/evidence/request/headers/10/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/0/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/1' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/2' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/3' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/3/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/3/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/4' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/4/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/4/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/5' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/5/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/5/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/6' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/6/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/6/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/7' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/7/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/7/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/8' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/8/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/8/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/9' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/9/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/9/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/10' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/10/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/10/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/11' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/11/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/11/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/12' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/12/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/12/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/13' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/13/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/13/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/14' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/14/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/14/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/15' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/15/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/15/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/16' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/16/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/16/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/17' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/17/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/17/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/18' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/18/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/18/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/19' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/19/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/19/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/20' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/20/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/20/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/21' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/21/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/21/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/22' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/22/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/22/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/23' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/23/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/23/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/24' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/24/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/24/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/25' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/25/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/25/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/26' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/26/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/26/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/27' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/27/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/27/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/28' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/28/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/28/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/29' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/29/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/29/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/30' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/30/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/30/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/31' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/31/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/31/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/32' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/32/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/32/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/33' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/33/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/33/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/34' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/34/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/34/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/35' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/35/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/35/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/36' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/36/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/36/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/37' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/37/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/37/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/38' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/38/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/38/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/39' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/39/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/39/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/40' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/40/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/40/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/41' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/41/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/41/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/42' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/42/evidence/request/headers/12/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/42/evidence/request/headers/14/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/43' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/43/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/43/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/44' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/44/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/44/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/45' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/45/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/45/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/46' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/46/evidence/request/headers/11/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/46/evidence/request/headers/13/value' is invalid: error_type=minLength
[Schema] property '/vulnerabilities/47' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/48' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/49' is missing required keys: category, cve, scanner
[Schema] property '/vulnerabilities/50' is missing required keys: category, cve, scanner
[Schema] This report uses a supported MAJOR.MINOR schema version but the PATCH version doesn't match any vendored schema version. Validation will be attempted against version 15.0.0
Workaround
Pin to dast 3.0.46:

    stages:
      - dast

    include:
      - template: DAST.gitlab-ci.yml

    dast:
      variables:
        DAST_VERSION: "3.0.46"

Related Issues
- Upgrade the DAST JSON report to schema 15.x.x
- Validate security report schema using the latest ADDITION version available
Implementation plan
- Adjust lib/gitlab/ci/parsers/security/validators/schema_validator.rb so it attempts to read schema from the correct path
Edited by Michał Zając
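
The fallback reported in the last log line, and why reading schemas from the wrong path triggers it, shown as an added example that is not GitLab's `schema_validator.rb`. The `<root>/<version>/dast-report-format.json` layout, the directory names, the fallback rule (highest vendored PATCH for the same MAJOR.MINOR) and all function names are assumptions made for illustration.

```ruby
require "rubygems"  # Gem::Version, for numeric version comparison
require "tmpdir"
require "fileutils"

Resolution = Struct.new(:version, :status)
SEMVER = /\A\d+\.\d+\.\d+\z/

# Versions found under root, assuming the hypothetical layout
# <root>/<version>/<type>-report-format.json.
def vendored_versions(root, report_type)
  Dir.glob(File.join(root, "*", "#{report_type}-report-format.json"))
     .map { |path| File.basename(File.dirname(path)) }
     .select { |version| version.match?(SEMVER) }
end

# Choose the schema to validate against: exact match first, otherwise the
# highest vendored PATCH sharing the report's MAJOR.MINOR (assumed rule).
def resolve_schema(report_version, vendored)
  return Resolution.new(nil, :invalid) unless report_version.to_s.match?(SEMVER)
  return Resolution.new(report_version, :exact) if vendored.include?(report_version)

  major_minor = report_version.split(".").first(2)
  candidates = vendored.select { |v| v.split(".").first(2) == major_minor }
  return Resolution.new(nil, :unsupported) if candidates.empty?

  Resolution.new(candidates.max_by { |v| Gem::Version.new(v) }, :fallback)
end

# Constructed sample tree: one root lacks 15.0.2, the other vendors it.
def demo
  Dir.mktmpdir do |tmp|
    layout = { "wrong_root" => %w[14.1.3 15.0.0], "correct_root" => %w[15.0.0 15.0.2] }
    layout.each do |root, versions|
      versions.each do |version|
        dir = File.join(tmp, root, version)
        FileUtils.mkdir_p(dir)
        File.write(File.join(dir, "dast-report-format.json"), "{}")
      end
    end
    layout.keys.to_h do |root|
      [root, resolve_schema("15.0.2", vendored_versions(File.join(tmp, root), "dast"))]
    end
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

With the same 15.0.2 report, the root that lacks the schema falls back to 15.0.0 and the root that vendors it validates against 15.0.2 exactly.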