Handle new Container Scanning report format

Review changes
Download
Patches
Plain diff

Adam Cohen requested to merge add-rails-parser-for-new-cs-report-format into master Oct 24, 2019

Overview 32
Commits 7
Pipelines 18
Changes 13

What does this MR do?

This MR adds support for handling the new CS report format which uses the Security Products Common Format

The following changes have been made:

Deprecate current clair-scanner formatted gl-container-scanning-report.json fixture file
Add new gl-container-scanning-report.json fixture file formatted using Security Products Common Format
Add conditional to rails parser to check for the existence of an image field in the container scanning report file. If this field exists, we parse the deprecated clair-scanner formatted report, otherwise we don't parse the report since it's already in the new Security Products Common Format.

Closes #33825 (closed)

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Changelog entry
Documentation created/updated or follow-up review issue created
Code review guidelines
Merge request performance guidelines
Style guides
Database guides
Separation of EE specific content

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Tested in all supported browsers

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Oct 31, 2019 by Adam Cohen

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking