--report-gitlab, a new report schema used for CI Component in gitlab #404

Open
KunalSin9h opened this issue Mar 20, 2025 · 2 comments · May be fixed by #419
Labels
enhancement New feature or request

Comments

Member

KunalSin9h commented Mar 20, 2025

Documentation: https://docs.gitlab.com/development/integrations/secure/#report
Report Format Fields: https://docs.gitlab.com/development/integrations/secure/#report-fields

Since vet is SCA, we only need to look at the dependency_scanning format.

JSON Schema: https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/dependency-scanning-report-format.json

GitLab component implementation approach: #314 (comment)

Member

abhisek commented Mar 20, 2025

@KunalSin9h Does GitLab use different JSON for different types of tools like SAST, SCA, etc.? vet has features beyond conventional SCA, so I want to know how the GitLab-specific reporting will evolve.

Member Author

KunalSin9h commented Mar 20, 2025

@abhisek Looking at the schema and docs, it seems like most of them are similar; see Report Fields.

But they do have different types of security scanners, which can be used simultaneously.

KunalSin9h self-assigned this Mar 20, 2025
KunalSin9h linked a pull request Mar 24, 2025 that will close this issue
KunalSin9h changed the title from "--report-sca-gitlab, a new report schema used for CI Component in gitlab" to "--report--gitlab, a new report schema used for CI Component in gitlab" Mar 25, 2025
KunalSin9h changed the title from "--report--gitlab, a new report schema used for CI Component in gitlab" to "--report-gitlab, a new report schema used for CI Component in gitlab" Mar 25, 2025