Update script to use results[] from API, add a smoke test (!4) · Merge requests · GitLab.org / security-products / gitlab-depscan

Dustin Collins requested to merge whitelist-cves-1 into master Jan 29, 2020

This script appears to be broken because the https://cve.circl.lu API has changed.

https://dev.gitlab.org/gitlab/omnibus-gitlab/-/jobs/6345910

Checking dependencies for known CVEs
Dependency                                                             Status    
zlib/cacf7f1d4e3d44d871b605da3b647f07d718623f                          Vulnerable
jq: error (at <stdin>:1): Cannot index array with string "id"

Since we're ignoring failures though, this job passes.

This MR updates the tool to work with the new cve.circl.lu API.

I added a pipeline with a bats smoke test to verify this is working as expected.

Update script to use results[] from API, add a smoke test

Merge request reports