Change Test expectation artifacts to include Tracking signatures info
What does this MR do?
Problem:
The reference/expectation SAST artifacts in the analyzer repository(qa/expect
) are generated with Tracking Calcular feature disabled by default. This was due to the decision to test the Tracking Calculator feature as an independent testcase instead of enabled-all-by-default in the integration-tests
. However, the scheduled QA orchestrator runs against downstream projects with the Tracking Calculator Feature flag(vulnerability_finding_signatures
) enabled by default, and the resultant SAST artifact is compared against the reference/expectation SAST artifact in the analyzer repository causing orchestrator jobs to fail.
Solution: As mentioned in the comment, this MR does the following:
- regenerates reference/expectation SAST artifacts with Tracking Calculator Feature Flag enabled for
c
,java
andpython
projects but notgo
since there was already a dedicated testcase for testing tracking-calculator case for the same project(go/default
) whose expectation artifact can be used in the corresponding downstream project. - modify the spec file to support the behavior of running against Tracking Calculator Feature Flag enabled.
What are the relevant issue numbers?
- Improve SAST analyzer tests (gitlab-org/gitlab#366852 - closed)
- Update the latest SAST Artifact URL across all ... (gitlab-org/gitlab#385518 - closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Lucas Charles