diff --git a/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js b/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js
index 820fdb97d438f96a75ab60dd67bbe0a19618dea7..68d72c8572ba91cbb209a8ba69d3df5946772b88 100644
--- a/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js
@@ -79,7 +79,7 @@ export const parseDependencyScanningIssues = (issues = [], feedbacks = [], path
 ...issue,
 category: 'dependency_scanning',
 // TODO: replace with issue.project_fingerprint
- project_fingerprint: sha1(issue.cve),
+ project_fingerprint: sha1(issue.cve || issue.message),
 name: issue.message,
 path: issue.file,
 urlPath: issue.line ? `${path}/${issue.file}#L${issue.line}` : `${path}/${issue.file}`,
diff --git a/spec/javascripts/vue_shared/security_reports/store/utils_spec.js b/spec/javascripts/vue_shared/security_reports/store/utils_spec.js
index 4cb0b6dcbdd4f8165139edf5232d231e6a311dac..7d2febf1cefc9ed97266766de6ff9d9f85682d01 100644
--- a/spec/javascripts/vue_shared/security_reports/store/utils_spec.js
+++ b/spec/javascripts/vue_shared/security_reports/store/utils_spec.js
@@ -80,6 +80,15 @@ describe('security reports utils', () => {
 expect(parsed.project_fingerprint).toEqual(sha1(dependencyScanningIssues[0].cve));
 });
 
+ it('uses message to generate sha1 when cve is undefined', () => {
+ const issuesWithoutCve = dependencyScanningIssues.map(issue => ({
+ ...issue,
+ cve: undefined,
+ }));
+ const parsed = parseDependencyScanningIssues(issuesWithoutCve, [], 'path')[0];
+ expect(parsed.project_fingerprint).toEqual(sha1(dependencyScanningIssues[0].message));
+ });
+
 it('includes vulnerability feedbacks', () => {
 const parsed = parseDependencyScanningIssues(
 dependencyScanningIssues,
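Review bot: The fallback in `sha1(issue.cve || issue.message)` keys the fingerprint on a field that is not unique per finding: two dependency-scanning issues without a `cve` but with the same `message` get the same `project_fingerprint`, and an issue with neither field passes `undefined` to `sha1`. If feedback such as a dismissal is matched on this fingerprint, as the `feedbacks` parameter suggests, dismissing one finding could also hide the others, and the value has to agree with whatever the backend stores for cve-less issues. I would at least document this next to the existing TODO, e.g. `// Fallback for reports without a cve; message is not unique per finding, so identical messages share a fingerprint.`, and skip or flag issues where both fields are missing. The body of parseDependencyScanningIssues starts and ends outside the hunk, so how the fingerprint is consumed is not visible here.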
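Review bot: The new spec covers only `cve: undefined` and asserts on the first parsed issue, so it does not pin the cases where the `||` fallback matters most for fingerprint identity. `||` also takes the fallback for `cve: ''` or `null`, and nothing checks that two cve-less issues with different messages get different fingerprints, or what happens when `message` is missing as well. Adding a case such as `it('gives cve-less issues with different messages distinct fingerprints', ...)` would document the intended identity rule.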