Change default Vendor name to GitLab when not defined in the report
What does this MR do?
Related to #210327 (closed)
When Vendor is not provided in the Security Report (vulnerabilities[].scanner.vendor), we need to fall back to GitLab. A default value is provided in the database schema, but there is a small issue with parsing the vendor: when it was not defined in the security report JSON file, it was set to an empty string. This MR changes that behavior: when the vendor is not provided, it is not parsed, and during the creation of the Vulnerabilities::Scanner entity the database will properly set the predefined default value.
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention @gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Alan (Maciej) Paruszewski
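
The following is an added illustration of the behavior described above, not code from this MR or from GitLab. It shows why an empty-string vendor defeats a column default while an omitted key does not. It assumes the vendor is an object with a name key; the method names, the COLUMN_DEFAULTS stand-in for the schema default, and the sample report are constructed.

```ruby
require 'json'

# Constructed sample report: the second finding omits scanner.vendor.
REPORT = JSON.parse(<<~JSON)
  {"vulnerabilities": [
    {"name": "A", "scanner": {"id": "scanner_a", "name": "Scanner A",
                              "vendor": {"name": "Acme"}}},
    {"name": "B", "scanner": {"id": "scanner_b", "name": "Scanner B"}}
  ]}
JSON

# Stand-in (assumption) for the column default defined in the database schema.
COLUMN_DEFAULTS = { vendor: 'GitLab' }.freeze

# Behavior before the change: a missing vendor is parsed as an empty string.
def scanner_attrs_before(scanner)
  { external_id: scanner['id'], name: scanner['name'],
    vendor: scanner.dig('vendor', 'name').to_s }
end

# Behavior after the change: the vendor key is omitted when the report has none.
def scanner_attrs_after(scanner)
  attrs = { external_id: scanner['id'], name: scanner['name'] }
  vendor = scanner.dig('vendor', 'name')
  attrs[:vendor] = vendor unless vendor.nil?
  attrs
end

# Mimics an INSERT: a default applies only to columns absent from the row,
# so an explicit empty string is stored as-is.
def insert_row(attrs)
  COLUMN_DEFAULTS.merge(attrs)
end

# Vendor value that ends up stored for each finding's scanner.
def stored_vendors(builder)
  REPORT['vulnerabilities'].map do |finding|
    insert_row(send(builder, finding['scanner']))[:vendor]
  end
end

puts "before: #{stored_vendors(:scanner_attrs_before).inspect}"
puts "after:  #{stored_vendors(:scanner_attrs_after).inspect}"
```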