Spike: How can we make the uuid for findings generated by continuous vulnerability scanning indempotent

Timebox

2 days

Context

As documented in Store security findings detected in SBOMs when ... (#395704 - closed), the approach for continuous vulnerability scanning includes recreating a dependency scanning report from a CycloneDX SBoM report. During the proof of concept exploration in Draft: Add proof of concept SBOM scan class (!116739 - closed), it was discovered that UUIDs are used in the context of creating new issues from a finding. Because of this, it's expected that they remain stable/immutable. Unfortunately, during the POC this was not possible but will be required for usage in production.

Outcome

New issue created to track the implementation of the chosen solution.

Auto-Summary 🤖

Discoto Usage

Points

Discussion points are declared by headings, list items, and single lines that start with the text (case-insensitive) point:. For example, the following are all valid points:

#### POINT: This is a point

* point: This is a point

+ Point: This is a point

- pOINT: This is a point

point: This is a **point**

Note that any markdown used in the point text will also be propagated into the topic summaries.

Topics

Topics can be stand-alone and contained within an issuable (epic, issue, MR), or can be inline.

Inline topics are defined by creating a new thread (discussion) where the first line of the first comment is a heading that starts with (case-insensitive) topic:. For example, the following are all valid topics:

# Topic: Inline discussion topic 1

## TOPIC: **{+A Green, bolded topic+}**

### tOpIc: Another topic

Quick Actions

Action Description

/discuss sub-topic TITLE Create an issue for a sub-topic. Does not work in epics

/discuss link ISSUABLE-LINK Link an issuable as a child of this discussion

Action	Description
`/discuss sub-topic TITLE`	Create an issue for a sub-topic. Does not work in epics
`/discuss link ISSUABLE-LINK`	Link an issuable as a child of this discussion

Last updated by this job

TOPIC Is it possible to use a field from the SBOM as a base identifier? #407794 (comment 1357603687)
TOPIC Is there a risk of introducing collisions? #407794 (comment 1357605043)
TOPIC How does GitLab::UUID.v5 generate UUIDs? #407794 (comment 1357605994)

Discoto Settings

---
summary:
  max_items: -1
  sort_by: created
  sort_direction: ascending

See the settings schema for details.

Edited Apr 18, 2023 by Lucas Charles