Add dependency list to report (!13) · Merge requests · GitLab.org / security-products / analyzers / gemnasium · GitLab

What does this MR do?

Add the dependency list in the Dependency Scanning report using the dependency_files key introduced in common!35 (merged)

update scanner/parser and its modules to return the packager of a dependency file
update scanner to propagate the package to the source
update convert sub-package to extract the dependency files
refactor the main and convert in order to share the same code b/w gemnasium-python, gemnasium-maven and this very analyzer

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ee/issues/10071

Does this MR meet the acceptance criteria?

Changelog entry added
[-] Documentation created/updated for GitLab EE, if necessary
[-] Documentation created/updated for this project, if necessary
[-] Documentation reviewed by technical writer or follow-up review issue created
Tests added for this feature/bug
[-] Job definition updated, if necessary
Conforms to the code review guidelines
Conforms to the Go guidelines
Security reports checked/validated by reviewer

Edited Apr 21, 2023 by 🤖 GitLab Bot 🤖