Integrate Container Scanning properties into the Security Products Common format
Problem to solve
The Common project defines an API for Security Products to generate a common report format. This Go library is not yet used by Container Scanning, and we currently don't document the Container Scanning specifics of the report format.
Target audience
- Delaney, Development Team Lead, https://design.gitlab.com/research/personas#persona-delaney
- Sasha, Software Developer, https://design.gitlab.com/research/personas#persona-sasha
Further details
Before publishing our report format, we need to make sure it covers all our use cases.
Proposal
Improve the common library to allow it to build a Container Scanning compatible report, and document the expected output format.
Implementation Plan
- Add the following properties to the Location struct:
  - .vulnerabilities[].location.image
  - .vulnerabilities[].location.operating_system
- Add ArtifactNameContainerScanning to command/run.go
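A sketch of the first step, added here as an example and not taken from the common library: the two new properties are tagged `omitempty` so reports from other scanners serialize unchanged, and a check lists which vulnerabilities in a report lack them. The type layout, the `file` field, the function names and the sample report are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Location is a hypothetical stand-in for the shared struct.
// omitempty keeps the new fields out of reports that never set them.
type Location struct {
	File            string `json:"file,omitempty"`
	Image           string `json:"image,omitempty"`
	OperatingSystem string `json:"operating_system,omitempty"`
}

type Vulnerability struct {
	Location Location `json:"location"`
}

type Report struct {
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}

// EncodeLocation returns the JSON form of a location.
func EncodeLocation(l Location) string {
	b, _ := json.Marshal(l) // a struct of strings cannot fail to marshal
	return string(b)
}

// MissingContainerFields returns the JSON paths of the Container Scanning
// location properties that are absent or empty in a report.
func MissingContainerFields(raw []byte) ([]string, error) {
	var r Report
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("parse report: %w", err)
	}
	var missing []string
	for i, v := range r.Vulnerabilities {
		if v.Location.Image == "" {
			missing = append(missing, fmt.Sprintf(".vulnerabilities[%d].location.image", i))
		}
		if v.Location.OperatingSystem == "" {
			missing = append(missing, fmt.Sprintf(".vulnerabilities[%d].location.operating_system", i))
		}
	}
	return missing, nil
}

// sampleReport is constructed for this example: one complete entry, one without the new fields.
const sampleReport = `{"vulnerabilities":[
 {"location":{"image":"registry.example.com/app:1.0","operating_system":"debian:9"}},
 {"location":{"file":"main.go"}}]}`

func main() {
	missing, err := MissingContainerFields([]byte(sampleReport))
	fmt.Println(missing, err, EncodeLocation(Location{File: "main.go"}))
}
```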
What does success look like, and how can we measure that?
One can use the common library to generate a Container Scanning report that can be processed by the GitLab Rails backend.