Respond with finding UUID when creating Starboard vulnerability
What does this MR do and why?
Makes the Create Starboard vulnerability internal API endpoint respond with the newly created vulnerability finding UUID.
Required to implement Cluster image scanning vulnerability resolution.
Screenshots or screen recordings
n/a
How to set up and validate locally
1. Create a JWT:
   ```ruby
   JWT.encode({ 'iss' => Gitlab::Kas::JWT_ISSUER }, Gitlab::Kas.secret, 'HS256')
   ```
2. Create a fresh project.
3. Create an agent and accompanying token:
   ```ruby
   agent = Project.last.cluster_agents.create(name: "test", created_by_user: User.find(1))
   token = agent.agent_tokens.create(name: "test", created_by_user: User.find(1))
   token.token
   ```
4. Create `./body.json`:
   ```json
   {
     "vulnerability": {
       "category": "cluster_image_scanning",
       "name": "CVE-2030-9273",
       "message": "CVE-2030-9273 in Flowdesk",
       "description": "You can't navigate the capacitor without calculating the wireless SMTP driver!",
       "cve": "CVE-2030-9273",
       "severity": "Low",
       "confidence": "High",
       "solution": "If we quantify the alarm, we can get to the EXE program through the back-end SCSI microchip!",
       "scanner": {
         "id": "starboard_trivy",
         "name": "Trivy (via Starboard Operator)"
       },
       "location": {
         "dependency": {
           "package": {
             "name": "Bitchip"
           },
           "version": "0.62"
         },
         "image": "http://wisoky.io/image:latest",
         "kubernetes_resource": {
           "namespace": "aut",
           "kind": "pod",
           "name": "mtkfirkstw",
           "container_name": "spfsbzwrrx",
           "agent_id": "jiccusfqbu"
         }
       },
       "identifiers": [
         {
           "type": "cve",
           "name": "CVE-2030-9273",
           "value": "CVE-2030-9273",
           "url": "http://wilkinson-beier.name/elisha.gorczany"
         }
       ],
       "links": [
         "http://bins.com/zona",
         "http://morar.name/juliana_lakin",
         "http://murazik.info/kamilah_haag"
       ]
     },
     "scanner": {
       "id": "starboard-trivy",
       "name": "Trivy (via Starboard Operator)",
       "url": "https://github.com/aquasecurity/trivy",
       "vendor": {
         "name": "GitLab"
       }
     }
   }
   ```
5. Create a Starboard vulnerability and verify the response body contains the finding UUID:
   ```shell
   curl --request PUT --header "Gitlab-Kas-Api-Request: <JWT token>" \
     --header "Authorization: Bearer <agent token>" --header "Content-Type: application/json" \
     --url "http://gdk.test:3000/api/v4/internal/kubernetes/modules/starboard_vulnerability" \
     --data @body.json
   ```
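As an added example (not part of this MR or of GitLab's code), the following stdlib-only Ruby script automates steps 1 and 5 above and checks that the response actually carries a well-formed finding UUID instead of eyeballing the curl output. It assumes the endpoint answers with a JSON object whose `uuid` key holds the finding UUID (the key name is an assumption; the MR only says the UUID is in the body), that the KAS secret and issuer are supplied via `KAS_SECRET` and `KAS_ISSUER` (copied from `Gitlab::Kas.secret` / `Gitlab::Kas::JWT_ISSUER` in the Rails console), and that the agent token from step 3 is in `AGENT_TOKEN`.

```ruby
require 'base64'
require 'json'
require 'net/http'
require 'openssl'
require 'uri'

UUID_RE = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Stdlib-only HS256 JWT, equivalent to the JWT.encode call in step 1; pass
# Gitlab::Kas.secret and Gitlab::Kas::JWT_ISSUER from the Rails console.
def kas_jwt(secret, issuer:)
  header  = b64url(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))
  payload = b64url(JSON.generate({ 'iss' => issuer }))
  sig = OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{payload}")
  "#{header}.#{payload}.#{b64url(sig)}"
end

# Same headers as the curl in step 5: KAS JWT plus the agent token as Bearer.
def build_request(url, kas_token, agent_token, body_json)
  req = Net::HTTP::Put.new(URI(url))
  req['Gitlab-Kas-Api-Request'] = kas_token
  req['Authorization'] = "Bearer #{agent_token}"
  req['Content-Type'] = 'application/json'
  req.body = body_json
  req
end

# Finding UUID from the response body, or nil when absent or malformed.
# Assumes a JSON object with a "uuid" key (the key name is an assumption).
def finding_uuid(response_body)
  data = JSON.parse(response_body)
  uuid = data.is_a?(Hash) ? data['uuid'] : nil
  uuid.is_a?(String) && uuid.match?(UUID_RE) ? uuid : nil
rescue JSON::ParserError
  nil
end

def validate_locally(secret, issuer, agent_token, body_path = 'body.json')
  url = 'http://gdk.test:3000/api/v4/internal/kubernetes/modules/starboard_vulnerability'
  req = build_request(url, kas_jwt(secret, issuer: issuer), agent_token, File.read(body_path))
  res = Net::HTTP.start(req.uri.host, req.uri.port) { |http| http.request(req) }
  finding_uuid(res.body) || abort("no finding UUID in response (HTTP #{res.code}): #{res.body}")
end

# Runs only when credentials are given: KAS_SECRET=... AGENT_TOKEN=... ruby validate.rb
puts "created finding #{validate_locally(ENV['KAS_SECRET'], ENV.fetch('KAS_ISSUER', 'gitlab-kas'), ENV['AGENT_TOKEN'])}" if ENV['KAS_SECRET'] && ENV['AGENT_TOKEN']
```

The `KAS_ISSUER` default of `gitlab-kas` is an assumption; check it against `Gitlab::Kas::JWT_ISSUER` in your GDK before relying on it.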
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #345905 (closed)
Edited by Dominic Bauer