
Fix description value of vulnerability report

Joey Khabie requested to merge jkhabie-fix-kicks-description into main

What does this MR do?

Take the description of vulnerability from identifier instead of message.text

I took advantage of the already existing iteration of kics's vulnerabilities, in order to overwrite the description attribute, using the identifier.name instead of the default behavior of sarif.go that uses the result.message.text.

There is no point in changing this specific behaviour at sarif.go by adding a condition that checks if the analyzer is kics, then using the identifier.name instead of message.text, as we know this is a shared package that more than 1 analyzer is using.

It makes the change much smaller and more impactful.
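The approach described above, as an added illustration that is not the MR's own code: the shared SARIF conversion is left untouched, and the analyzer's existing post-processing loop overwrites each finding's description with its first identifier's name. The `Report`, `Vulnerability` and `Identifier` types and the `overrideKicsDescriptions` function are simplified stand-ins assumed here, not the real GitLab report package; entries without an identifier keep their original message text.

```go
package main

import "fmt"

// Simplified stand-ins for the report model (assumed, not the real package).
type Identifier struct {
	Type  string
	Name  string
	Value string
}

type Vulnerability struct {
	Description string // populated by the shared sarif.go from result.message.text
	Identifiers []Identifier
}

type Report struct {
	Vulnerabilities []Vulnerability
}

// overrideKicsDescriptions runs in the analyzer's own post-processing pass and
// replaces Description with the first identifier's name. Findings with no
// identifier (or an empty name) are left as the SARIF message text.
// It returns how many descriptions were changed.
func overrideKicsDescriptions(r *Report) int {
	changed := 0
	for i := range r.Vulnerabilities {
		v := &r.Vulnerabilities[i]
		if len(v.Identifiers) == 0 || v.Identifiers[0].Name == "" {
			continue
		}
		if v.Description != v.Identifiers[0].Name {
			v.Description = v.Identifiers[0].Name
			changed++
		}
	}
	return changed
}

// sampleReport is constructed input mimicking two converted SARIF results.
func sampleReport() *Report {
	return &Report{Vulnerabilities: []Vulnerability{
		{Description: "Resource 'aws_s3_bucket.example' lacks versioning",
			Identifiers: []Identifier{{Type: "kics_id", Name: "S3 Bucket Without Versioning", Value: "placeholder-id"}}},
		{Description: "message text with no identifier"},
	}}
}

func main() {
	r := sampleReport()
	fmt.Printf("%d description(s) overridden\n", overrideKicsDescriptions(r))
	for _, v := range r.Vulnerabilities {
		fmt.Println(v.Description)
	}
}
```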

What are the relevant issue numbers?

gitlab-org/gitlab#381652 (closed)

Does this MR meet the acceptance criteria?

Edited by Craig Smith
