Add vulnerability scanning capability to the new DS analyzer by using the on-demand DS scan API

Why are we doing this work

To complete Bring security scan results back into the Depen... (&17150 - closed), we must update the dependency-scanning analyzer to do the following:

  • Take all the SBOM documents generated in the dependency detection phase
  • Send them to the DS on-demand scan API (an async API supporting one SBOM file per request). Issue TBD, see PoC here.
  • Collect the results
  • Expose them as a dependency-scanning report artifact in the new DS CI job.

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

Verification steps