Remove the `dependency_files` property from the Security Report Schema
Why are we doing this work

Following our migration toward the SBOM report as the source of components, and the decision to deprecate and remove the `dependency_files` property of the Dependency Scanning report, we now need to drop that property from the Security Report Schema and release a new version of it.
Relevant links

Non-functional requirements

- Documentation: -
- Feature flag: -
- Performance: -
- Testing: -

Implementation plan

- remove the `dependency_files` property from the DS Schema: https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/src/dependency-scanning-report-format.json?ref_type=heads#L20-29
- remove the `dependency_files` definition: https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/src/security-report-format.json#L220-244
- update the tests:
  - https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/test/test-dependency-scanning.sh
  - https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/test/unit/dependency_scanning_schema_spec.js
  - https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/test/unit/builders/dependency_scanning/index.js
  - https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/test/unit/builders/dependency_scanning/report.js
- release a new version (REVISION per the guideline)
- vendor the new version in the rails app

Verification steps
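A check worth running once the property and its definition are removed is that no surviving `$ref` in the schema tree still points at the deleted definition, since a dangling reference only surfaces when a validator is first loaded. The script below is an added example, not code from the security-report-schemas project; the schema embedded in it is a constructed, minimal stand-in for the linked DS schema files and its layout (`properties`, `definitions`, `required`) is an assumption about where the property appears.

```python
import json
from typing import Any, Iterator

# Constructed stand-in for the linked schema files (the real ones are larger
# and live in the security-report-schemas repository); layout is an assumption.
DS_SCHEMA_BEFORE = json.loads("""{
  "required": ["version", "dependency_files", "vulnerabilities"],
  "properties": {
    "version": {"type": "string"},
    "dependency_files": {"$ref": "#/definitions/dependency_files"},
    "vulnerabilities": {"type": "array",
                        "items": {"$ref": "#/definitions/vulnerability"}}
  },
  "definitions": {
    "dependency_files": {"type": "array"},
    "vulnerability": {"type": "object"}
  }
}""")

def iter_refs(node: Any) -> Iterator[str]:
    """Yield every "$ref" string found anywhere in a schema tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "$ref" and isinstance(value, str):
                yield value
            else:
                yield from iter_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_refs(item)

def dangling_refs(schema: dict) -> list[str]:
    """Local $refs that point at a definition the schema no longer carries."""
    defs = schema.get("definitions", {})
    return sorted({r for r in iter_refs(schema)
                   if r.startswith("#/definitions/")
                   and r.split("/")[-1] not in defs})

def drop_property(schema: dict, name: str) -> dict:
    """Return a copy with properties[name], definitions[name] and the matching
    "required" entry removed. Callers then verify dangling_refs() is empty."""
    out = json.loads(json.dumps(schema))  # deep copy, leave the input intact
    out.get("properties", {}).pop(name, None)
    out.get("definitions", {}).pop(name, None)
    if isinstance(out.get("required"), list):
        out["required"] = [r for r in out["required"] if r != name]
    return out

if __name__ == "__main__":
    after = drop_property(DS_SCHEMA_BEFORE, "dependency_files")
    print(json.dumps(after, indent=2), "dangling:", dangling_refs(after))
```

Pointing `DS_SCHEMA_BEFORE` at the real files instead (loading both the DS schema and the shared `security-report-format.json` definitions) turns this into a one-line check to run before tagging the new REVISION.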
Edited by Olivier Gonzalez