Dedupe vulnerabilities in bandit and semgrep
What does this MR do?
In this MR, we are trying to add a bandit identifier to semgrep
vulnerability. This will help us dedupe vulnerability_findings on the rails
side.
Examples of ruleID taken as input:
- rules.bandit.B502.B503
- rules.bandit.B502
- rules.bandit.B502-2
What are the relevant issue numbers?
Issue: gitlab-org/gitlab#321293 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Lucas Charles