Draft: Add code_flows property to SAST vulnerability
What does this MR do?
Adds an optional property to the SAST report format - code_flows.
This field will be used to hold cross-function cross-file results with source -> propagation -> propagation... -> propagation -> sink like flows.
What are the relevant issue numbers?
https://gitlab.com/gitlab-org/gitlab/-/issues/455559+s
https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/issues/21+s
Checklist
-
Ensure changes can be built upon without requiring a breaking change, see Building for Extensibility. -
Review and add/update tests for this feature/bug. -
Add an entry to the CHANGELOG if required, with the appropriate version. See Classifying Changes. -
Assign the MR to the appropriate person/people for review.