Draft: Support transforming GitLab SAST Report to SARIF
What does this MR do?
Currently SARIF format support is only one way, i.e., transforming a sarif file to a GitLab SAST Report.
Relating to #452028, it would nice if GitLab SAST Report can be transformed to SARIF (with an implementation plan).
This MR extends current sarif.go by
- Adding a function that transforms a GitLab SAST Report (the physical file) to SARIF;
- Adding a function that transforms a GitLab SAST Report (data structure in memory) to SARIF;
- Exporting Sarif type to allow other projects (e.g., VET) to possibly modify its Sarif output.
Testing:
- Corresponding test is added
- The validity of generated sarif file has been tested on the Sarif website.
What are the relevant issue numbers?
https://gitlab.com/gitlab-org/gitlab/-/issues/452028+s
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Ensure the report version matches the equivalent schema version -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Hua Yan