Fix broken vulnerability ID in remediations
What does this MR do?
Fix broken vulnerability ID in remediations.
-
remediateReport
now takes thereport.Report
along with the affected files returned by the scanner. - It uses the report to find vulnerabilities that match affections that have been cured, and get their
ID
. This is implemented in a local function namedvulnID()
. - Remediations are directly added to the report, instead of being returned.
What are the relevant issue numbers?
Gemnasium analyzer generates different id for r... (gitlab-org/gitlab#430922 - closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Fabien Catteau