Document the new container scanning report

Review changes
Download
Patches
Plain diff

Adam Cohen requested to merge document-new-container-scanner-report into master Nov 15, 2019

Overview 26
Commits 2
Pipelines 3
Changes 1

What does this MR do?

This MR documents the new container scanning report format implemented as part of #32934 (closed), and uses the Reports JSON format from the dependency scanning docs as a template.

The main changes from the Reports JSON format are the following:

vulnerabilities[].severity is changed to only list the levels that klar provides, which means we're removing the Info and Undefined severity levels
vulnerabilities[].location.operating_system has been added
vulnerabilities[].location.image has been added
remediations has been simplified, since remediation data is currently an empty array

This MR should only be merged once #32934 (closed) has been closed.

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Changelog entry
Documentation (if required)
Code review guidelines
Merge request performance guidelines
Style guides
Database guides
Separation of EE specific content

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Tested in all supported browsers

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Nov 15, 2019 by Adam Cohen

Merge request reports

Assignee

Reviewers

Request review from

Time tracking