Allow Gitlab to identify aggregated vulnerabilities
What does this MR do?
When Gitlab ingests the DAST JSON report, it identifies vulnerabilities by the cve
. In the case that DAST has run on a project which created a number of vulnerabilities, and then DAST runs again, but this time with aggregated vulnerabilities enabled, Gitlab is unable to differentiate the aggregated vulnerabilities from the non-aggregated ones. This results in gitlab-org/gitlab#327563 (closed)
This MR updates the JSON report so that the cve for any aggregated vulnerability ends in -aggregated
, allowing Gitlab to differentiate between the two.
What are the relevant issue numbers?
gitlab-org/gitlab#327563 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Job definition example -
Vendored CI Templates (also in CE)
-
-
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Craig Smith