Feat: Reclassify Confidence as Severity
What does this MR do?
Per gitlab-org&4004 (comment 424620928), we should remap brakeman's reported confidence field to severity.
We previously reported the brakeman level as confidence; however, according to the docs, brakeman conflates confidence and severity, so we should map both accordingly:
See https://github.com/presidentbeef/brakeman/issues/1502#issuecomment-674208184 and https://github.com/presidentbeef/brakeman#confidence-levels
In contrast to a similar change for flawfinder, the inflation of both confidence and severity implies to me that we should be remapping brakeman's confidence level to both our confidence and severity, whereas flawfinder's was previously a mistake.
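As an added illustration of the remapping described above (example code, not the analyzer's own): Brakeman's documented confidence values (High, Medium, Weak) are read from its JSON report and written to both the severity and confidence fields of each finding. The Finding type, the "Low"/"Unknown" level names and the sample report are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// brakemanReport mirrors the part of Brakeman's JSON output used here.
type brakemanReport struct {
	Warnings []struct {
		WarningType string `json:"warning_type"`
		Confidence  string `json:"confidence"`
	} `json:"warnings"`
}

// Finding is a hypothetical output record carrying both fields.
type Finding struct{ Name, Severity, Confidence string }

// brakemanLevels maps Brakeman's documented confidence values to one level.
var brakemanLevels = map[string]string{"High": "High", "Medium": "Medium", "Weak": "Low"}

// Convert parses Brakeman JSON and derives both severity and confidence
// from Brakeman's single confidence field, as the MR proposes.
func Convert(raw []byte) ([]Finding, error) {
	var rep brakemanReport
	if err := json.Unmarshal(raw, &rep); err != nil {
		return nil, err
	}
	out := make([]Finding, 0, len(rep.Warnings))
	for _, w := range rep.Warnings {
		lvl, ok := brakemanLevels[w.Confidence]
		if !ok {
			lvl = "Unknown" // undocumented value: keep the finding, flag the level
		}
		out = append(out, Finding{w.WarningType, lvl, lvl})
	}
	return out, nil
}

func main() {
	// Constructed sample in Brakeman's JSON shape, not real scan output.
	sample := []byte(`{"warnings":[{"warning_type":"SQL Injection","confidence":"High"},{"warning_type":"Mass Assignment","confidence":"Weak"}]}`)
	findings, err := Convert(sample)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", findings)
}
```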
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Release post
Edited by Taylor McCaslin