[Schema] Version 14.0.4 for report type sast is unsupported
I'm using GitLab 16.2.
I'm using this SARIF file: openscap-report.sarif
I converted it using this tool: ./sarif-converter-linux --type sast openscap-report.sarif gl-sast-report.json
And here's my .gitlab-ci.yml used to upload it as a SAST report:
---
stages:
  - build
scap:
  stage: build
  image:
    name: alpine:3.18.2@sha256:82d1e9d7ed48a7523bdebc18cf6290bdb97b82302a8a9c27d4fe885949ea94d1 # alpine official image
    entrypoint: [""]
  script:
    - |
      echo "done"
  artifacts:
    reports:
      sast:
        - "gl-sast-report.json"
The result is that GitLab fails to import the report, giving these errors:
Error parsing security reports
The following security reports contain one or more vulnerability findings that could not be parsed and were not recorded. To investigate a report, download the artifacts in the job output. Ensure the security report conforms to the relevant
[Schema] Version 14.0.4 for report type sast is unsupported, supported versions for this report type are: 15.0.0, 15.0.1, 15.0.2, 15.0.4, 15.0.5, 15.0.6. GitLab will attempt to validate this report against the earliest supported versions of this report type, to show all the errors but will not ingest the report
[Schema] property '/scan' is missing required keys: end_time, start_time, status
[Schema] property '/scan/analyzer/id' is invalid: error_type=minLength
[Schema] property '/scan/analyzer/name' is invalid: error_type=minLength
[Schema] property '/scan/analyzer/vendor/name' is invalid: error_type=minLength
[Schema] property '/scan/analyzer/version' is invalid: error_type=minLength
[Schema] property '/scan/scanner/vendor/name' is invalid: error_type=minLength
[Schema] property '/scan/scanner/version' is invalid: error_type=minLength
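
An added example, not part of the original report and not code from GitLab or the converter: a pre-upload check that applies the constraints named in the error output above to a `gl-sast-report.json` document, so the job can fail before GitLab silently drops the findings. The sample report is constructed, and the checks cover only the fields those messages mention, not the full schema.

```python
import json

# Versions the error message above lists as supported for report type sast.
SUPPORTED_VERSIONS = {"15.0.0", "15.0.1", "15.0.2", "15.0.4", "15.0.5", "15.0.6"}
# Keys the error output reports as required under /scan.
REQUIRED_SCAN_KEYS = ("end_time", "start_time", "status")
# JSON pointers the error output flags with error_type=minLength.
NON_EMPTY_POINTERS = (
    "/scan/analyzer/id", "/scan/analyzer/name", "/scan/analyzer/vendor/name",
    "/scan/analyzer/version", "/scan/scanner/vendor/name", "/scan/scanner/version",
)

def resolve(doc, pointer):
    """Follow a simple JSON pointer; return None if any segment is missing."""
    node = doc
    for key in pointer.strip("/").split("/"):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def check_report(report):
    """Return a list of problems mirroring the messages in the issue."""
    problems = []
    version = report.get("version")
    if version not in SUPPORTED_VERSIONS:
        problems.append(f"version {version!r} is unsupported")
    scan = report.get("scan")
    scan = scan if isinstance(scan, dict) else {}
    missing = [k for k in REQUIRED_SCAN_KEYS if k not in scan]
    if missing:
        problems.append(f"/scan is missing required keys: {', '.join(missing)}")
    for pointer in NON_EMPTY_POINTERS:
        value = resolve(report, pointer)
        if not isinstance(value, str) or not value:
            problems.append(f"{pointer} is missing or empty")
    return problems

# Constructed sample shaped like the converter output described in the issue.
SAMPLE = json.loads("""{"version": "14.0.4", "vulnerabilities": [],
  "scan": {"type": "sast",
    "analyzer": {"id": "", "name": "", "version": "", "vendor": {"name": ""}},
    "scanner": {"id": "openscap", "name": "OpenSCAP", "version": "",
                "vendor": {"name": ""}}}}""")

if __name__ == "__main__":
    for line in check_report(SAMPLE):
        print(line)
```

Run as a script step before the `artifacts:` upload, it can exit non-zero when `check_report` returns anything, which surfaces the problem in the job log instead of only on the pipeline's security tab.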