Rephrase errors in policy bot comment
Why are we doing this work
Currently, the policy bot comment errors can be misinterpreted because their wording contains "License scanning" (which refers to the policy rule type), while the artifacts the policy actually looks for are CycloneDX SBOM reports.
Proposal
Rephrase the messages as follows:
For scan_finding:
"Pipeline configuration error: Security reports required by policy New scans could not be found."
For license_scanning:
"Pipeline configuration error: SBOM reports required by policy Disallowed licenses could not be found."
Relevant links
Non-functional requirements
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
- Split up error messages to account for the two report types: https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/security/scan_result_policies/policy_violation_details.rb#L21
Verification steps
Edited by Martin Cavoj
