Allow Gitlab to identify aggregated vulnerabilities
What does this MR do?
When Gitlab ingests the DAST JSON report, it identifies vulnerabilities by the cve. In the case that DAST has run on a project which created a number of vulnerabilities, and then DAST runs again, but this time with aggregated vulnerabilities enabled, Gitlab is unable to differentiate the aggregated vulnerabilities from the non-aggregated ones. This results in gitlab-org/gitlab#327563 (closed)
This MR updates the JSON report so that the cve for any aggregated vulnerability ends in -aggregated, allowing Gitlab to differentiate between the two.
What are the relevant issue numbers?
gitlab-org/gitlab#327563 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Job definition example -
Vendored CI Templates (also in CE)
-
-
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Craig Smith