
Integrate Container Scanning properties into the Security Products Common format

Problem to solve

The Common project defines an API for Security Products to generate a common report format. This Go library is not yet used by Container Scanning, and the Container Scanning-specific parts of the report format are currently undocumented.

Target audience

Further details

Before we publish our report format, we need to make sure it covers every way it is used.

Proposal

Improve the common library so that it can build a Container Scanning-compatible report, and document the expected output format.

Implementation Plan

Add the following properties to the Location struct

  • .vulnerabilities[].location.image
  • .vulnerabilities[].location.operating_system

Add ArtifactNameContainerScanning to command/run.go
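
As an added illustration of the two steps above (not the common library's own code, whose actual struct layout, report version and artifact file name are not shown in this issue and are assumed here), the sketch below defines a `Location` carrying `image` and `operating_system`, an `ArtifactNameContainerScanning` constant, a builder that stamps every finding with the scanned image, and a validator that rejects a report the Rails backend could not attribute to an image:

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// ArtifactNameContainerScanning is the report file name a Container Scanning
// job is assumed to emit. The constant name follows the issue; the value is an
// assumption for this example.
const ArtifactNameContainerScanning = "gl-container-scanning-report.json"

// Location carries the two properties the issue asks to add next to the
// existing file-based fields. Field and JSON names are assumptions here.
type Location struct {
	File            string `json:"file,omitempty"`
	Image           string `json:"image,omitempty"`
	OperatingSystem string `json:"operating_system,omitempty"`
}

// Vulnerability is a trimmed-down report entry: only the fields needed to
// show the location are included.
type Vulnerability struct {
	Category string   `json:"category"`
	Message  string   `json:"message"`
	Severity string   `json:"severity"`
	Location Location `json:"location"`
}

// Report is the top-level common report document (schema version assumed).
type Report struct {
	Version         string          `json:"version"`
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}

// NewContainerScanningReport stamps every finding with the scanned image and
// its operating system so a consumer can attribute each finding to an image.
func NewContainerScanningReport(image, operatingSystem string, vulns []Vulnerability) Report {
	out := make([]Vulnerability, 0, len(vulns))
	for _, v := range vulns {
		v.Category = "container_scanning"
		v.Location.Image = image
		v.Location.OperatingSystem = operatingSystem
		out = append(out, v)
	}
	return Report{Version: "2.3", Vulnerabilities: out}
}

// ValidateContainerScanning rejects a report whose entries lack the image or
// operating_system a Container Scanning consumer needs.
func ValidateContainerScanning(r Report) error {
	for i, v := range r.Vulnerabilities {
		if v.Category != "container_scanning" {
			return fmt.Errorf("vulnerabilities[%d]: category %q is not container_scanning", i, v.Category)
		}
		if v.Location.Image == "" {
			return fmt.Errorf("vulnerabilities[%d].location.image is empty", i)
		}
		if v.Location.OperatingSystem == "" {
			return fmt.Errorf("vulnerabilities[%d].location.operating_system is empty", i)
		}
	}
	return nil
}

// LocationImageFromJSON round-trips a report through JSON and reads back
// .vulnerabilities[0].location.image, which is what a consumer of the
// written artifact actually sees.
func LocationImageFromJSON(r Report) (string, error) {
	raw, err := json.Marshal(r)
	if err != nil {
		return "", err
	}
	var doc struct {
		Vulnerabilities []struct {
			Location map[string]string `json:"location"`
		} `json:"vulnerabilities"`
	}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return "", err
	}
	if len(doc.Vulnerabilities) == 0 {
		return "", errors.New("no vulnerabilities in report")
	}
	return doc.Vulnerabilities[0].Location["image"], nil
}

func main() {
	// Constructed sample finding; the message is a placeholder, not a real CVE.
	vulns := []Vulnerability{{Message: "constructed sample finding", Severity: "High"}}
	r := NewContainerScanningReport("registry.example.com/app:1.0", "debian:11", vulns)
	if err := ValidateContainerScanning(r); err != nil {
		panic(err)
	}
	raw, _ := json.MarshalIndent(r, "", "  ")
	fmt.Printf("would write %s:\n%s\n", ArtifactNameContainerScanning, raw)
}
```

The `omitempty` tags keep `image` and `operating_system` out of reports written by other analyzers, so adding them to the shared `Location` does not change those analyzers' output; the validator is what makes a Container Scanning report fail fast rather than producing an entry the backend cannot place.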

What does success look like, and how can we measure that?

One can use the common library to generate a Container Scanning report, that can be processed by GitLab rails backend.

What is the type of buyer?

GitLab Ultimate

Links / references

Edited by Adam Cohen