Add container_repository url to vulnerability location
What does this MR do and why?
Add registry id to vulnerability location.
Add registry URL to vulnerability location in serializer.
This information will be used to create the url of registry by frontend. ex: https://gitlab.com/gitlab-org/security-products/analyzers/container-scanning/container_registry/5931820
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshot
Steps to test
- Enable
container scanning for registryin the security configuration. - Push a container image to the registry to trigger a scanning job.
- After the job completes, wait for a new advisory to identify the new vulnerability, OR you can:
- Run the following in the Rails console:
occurrence = Sbom::Occurrence.last affected_components = [Gitlab::VulnerabilityScanning::PossiblyAffectedComponent.from_sbom_occurrence(occurrence)] advisory = FactoryBot.build(:vs_advisory) response = ::Security::VulnerabilityScanning::CreateVulnerabilityService.execute(advisory: advisory, affected_components: affected_components)
- Run the following in the Rails console:
- This code will create a vulnerability.
- In rails console check
vulnerability.location; it should display the registry URL. - Visit the vulnerability report page and check the browser console output for the new field in the response of Get /vulnerabilities/:id.
Related to #443879 (closed)
Edited by Aditya Tiwari