Allow setting location of vulnerability to software definitions in omnibus-gitlab
What does this MR do?
Provide an option for omnibus-gitlab
to control what puts as location
in a vulnerability report. As seen from https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6441, using version-manifest.json
as a value takes you to a non-existent location, because that file is not checked in to the repo, and instead is an artifact. A better value would be the software definition file of the component, which is synonymous to Gemfile.lock
or yarn.lock
for other "package managers".
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Julian Thome