Add path to vulnerable_package_type

What does this MR do and why?

Add path to VulnerablePackage. This is a follow-up from Add gobinary and lib path for language specific... (gitlab-org/security-products/analyzers/container-scanning!3194 - merged) • Nick Ilieskou • 18.2 which added path to the container scanning security report.

References

Related issue: Add Target path to Container Scanning schema (#534804 - closed) • Zamir Martins • 18.3

GraphQL query/response

Query
{
  project(fullPath: "root/cs-new-files") {
    vulnerabilities(first: 10) {
      nodes {
        location{
          ... on VulnerabilityLocationContainerScanning{
            dependency{
              package{
                name
                path
              }
              version
            }
          }
        }
      }
    }
  }
}
Response
{
  "data": {
    "project": {
      "vulnerabilities": {
        "nodes": [
          {
            "location": {
              "dependency": {
                "package": {
                  "name": "curl",
                  "path": null
                },
                "version": "7.83.1-r3"
              }
            }
          },
          {
            "location": {
              "dependency": {
                "package": {
                  "name": "libcurl",
                  "path": null
                },
                "version": "7.83.1-r4"
              }
            }
          },
          {
            "location": {
              "dependency": {
                "package": {
                  "name": "libtasn1",
                  "path": null
                },
                "version": "4.18.0-r0"
              }
            }
          },
          {
            "location": {
              "dependency": {
                "package": {
                  "name": "ghostscript",
                  "path": null
                },
                "version": "9.56.1-r0"
              }
            }
          },
          {
            "location": {
              "dependency": {
                "package": {
                  "name": "curl",
                  "path": null
                },
                "version": "7.83.1-r3"
              }
            }
          },
          {
            "location": {
              "dependency": {
                "package": {
                  "name": "libcurl",
                  "path": null
                },
                "version": "7.83.1-r4"
              }
            }
          },
          {
            "location": {
              "dependency": {
                "package": {
                  "name": "curl",
                  "path": null
                },
                "version": "7.83.1-r3"
              }
            }
          },
          {
            "location": {
              "dependency": {
                "package": {
                  "name": "stdlib",
                  "path": "usr/local/go/bin/go"
                },
                "version": "v1.21.11"
              }
            }
          },
          {
            "location": {
              "dependency": {
                "package": {
                  "name": "libcrypto3",
                  "path": null
                },
                "version": "3.1.5-r0"
              }
            }
          },
          {
            "location": {
              "dependency": {
                "package": {
                  "name": "libssl3",
                  "path": null
                },
                "version": "3.1.5-r0"
              }
            }
          }
        ]
      }
    }
  },
  "extensions": {
    "disabled_filters": []
  },
  "correlationId": "01K20HY4KMHC6A9NMNFYH7705G"
}
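The response above shows the practical meaning of the new field: OS packages from the image's package database come back with `path: null`, while a language-specific finding (here Go's `stdlib`) carries the path of the binary inside the image that embeds it. The following Ruby script is an added example written for this page, not code from this MR or from GitLab; it builds the same query, parses a constructed response in the shape shown above (the sample is embedded inline, not captured from a real instance), deduplicates the repeated findings, and splits them by remediation route. The helper names `vulnerability_paths_query`, `vulnerable_packages` and `triage` are assumptions of this example.

```ruby
require 'json'

# Constructed sample: a trimmed GraphQL response in the shape shown in this MR.
# Package names and versions mirror the MR's example; the last node stands in
# for a vulnerability whose location is not a container-scanning location.
SAMPLE_RESPONSE = <<~RESPONSE
{
  "data": {
    "project": {
      "vulnerabilities": {
        "nodes": [
          { "location": { "dependency": { "package": { "name": "curl", "path": null }, "version": "7.83.1-r3" } } },
          { "location": { "dependency": { "package": { "name": "curl", "path": null }, "version": "7.83.1-r3" } } },
          { "location": { "dependency": { "package": { "name": "stdlib", "path": "usr/local/go/bin/go" }, "version": "v1.21.11" } } },
          { "location": { "dependency": { "package": { "name": "libssl3", "path": null }, "version": "3.1.5-r0" } } },
          { "location": {} }
        ]
      }
    }
  }
}
RESPONSE

# The GraphQL document from this MR, parameterised by project path and page size.
# Hypothetical helper name; to_json quotes and escapes the project path so it is
# safe to interpolate into the query string.
def vulnerability_paths_query(full_path, first: 10)
  <<~GQL
    {
      project(fullPath: #{full_path.to_json}) {
        vulnerabilities(first: #{Integer(first)}) {
          nodes {
            location {
              ... on VulnerabilityLocationContainerScanning {
                dependency {
                  package { name path }
                  version
                }
              }
            }
          }
        }
      }
    }
  GQL
end

# Flatten the nodes into unique (name, version, path) triples. Nodes whose
# location is not a container-scanning location come back as an empty object
# (the inline fragment does not match) and are skipped.
def vulnerable_packages(response_json)
  nodes = JSON.parse(response_json).dig('data', 'project', 'vulnerabilities', 'nodes') || []
  nodes.filter_map do |node|
    dep = node.dig('location', 'dependency')
    next unless dep

    { name: dep.dig('package', 'name'), version: dep['version'], path: dep.dig('package', 'path') }
  end.uniq
end

# Split by remediation route. A nil path means the finding came from the image's
# OS package database, so the fix is upgrading that distro package. A non-nil
# path points at a file inside the image, e.g. a Go binary that embeds a
# vulnerable stdlib, which has to be rebuilt or replaced; upgrading OS packages
# will not touch it.
def triage(packages)
  os_packages, embedded = packages.partition { |p| p[:path].nil? }
  {
    os_packages: os_packages.map { |p| "#{p[:name]} #{p[:version]}" },
    embedded:    embedded.map   { |p| "#{p[:path]} (#{p[:name]} #{p[:version]})" }
  }
end

if __FILE__ == $PROGRAM_NAME
  puts vulnerability_paths_query('root/cs-new-files')
  puts JSON.pretty_generate(triage(vulnerable_packages(SAMPLE_RESPONSE)))
end
```

Against a live instance the query string would be sent to `/api/graphql` with a token that can read the project's vulnerabilities; the parsing and triage functions work on the response body unchanged. Deduplication on the (name, version, path) triple matters because, as the response above shows, one package version can appear once per vulnerability.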

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Zamir Martins
