gitlab-security_report_schemas 0.1.0.min15.1.0.max15.1.0 → 0.1.2.min15.0.0.max15.1.4
- checksums.yaml +4 -4
- data/Gemfile.lock +6 -9
- data/LICENSE.txt +2 -9
- data/README.md +14 -10
- data/RUNBOOK.md +28 -0
- data/Rakefile +1 -1
- data/gem_version +1 -1
- data/gitlab-security_report_schemas.gemspec +2 -2
- data/lib/gitlab/security_report_schemas/configuration.rb +2 -2
- data/lib/gitlab/security_report_schemas/version.rb +1 -3
- data/schemas/15.0.0/cluster-image-scanning-report-format.json +946 -0
- data/schemas/15.0.0/container-scanning-report-format.json +880 -0
- data/schemas/15.0.0/coverage-fuzzing-report-format.json +836 -0
- data/schemas/15.0.0/dast-report-format.json +1241 -0
- data/schemas/15.0.0/dependency-scanning-report-format.json +944 -0
- data/schemas/15.0.0/sast-report-format.json +831 -0
- data/schemas/15.0.0/secret-detection-report-format.json +854 -0
- data/schemas/15.0.1/cluster-image-scanning-report-format.json +980 -0
- data/schemas/15.0.1/container-scanning-report-format.json +914 -0
- data/schemas/15.0.1/coverage-fuzzing-report-format.json +870 -0
- data/schemas/15.0.1/dast-report-format.json +1275 -0
- data/schemas/15.0.1/dependency-scanning-report-format.json +978 -0
- data/schemas/15.0.1/sast-report-format.json +865 -0
- data/schemas/15.0.1/secret-detection-report-format.json +888 -0
- data/schemas/15.0.2/cluster-image-scanning-report-format.json +980 -0
- data/schemas/15.0.2/container-scanning-report-format.json +912 -0
- data/schemas/15.0.2/coverage-fuzzing-report-format.json +870 -0
- data/schemas/15.0.2/dast-report-format.json +1275 -0
- data/schemas/15.0.2/dependency-scanning-report-format.json +978 -0
- data/schemas/15.0.2/sast-report-format.json +865 -0
- data/schemas/15.0.2/secret-detection-report-format.json +888 -0
- data/schemas/15.0.4/cluster-image-scanning-report-format.json +984 -0
- data/schemas/15.0.4/container-scanning-report-format.json +916 -0
- data/schemas/15.0.4/coverage-fuzzing-report-format.json +874 -0
- data/schemas/15.0.4/dast-report-format.json +1279 -0
- data/schemas/15.0.4/dependency-scanning-report-format.json +982 -0
- data/schemas/15.0.4/sast-report-format.json +869 -0
- data/schemas/15.0.4/secret-detection-report-format.json +893 -0
- data/schemas/15.0.5/cluster-image-scanning-report-format.json +1035 -0
- data/schemas/15.0.5/container-scanning-report-format.json +967 -0
- data/schemas/15.0.5/coverage-fuzzing-report-format.json +925 -0
- data/schemas/15.0.5/dast-report-format.json +1330 -0
- data/schemas/15.0.5/dependency-scanning-report-format.json +1033 -0
- data/schemas/15.0.5/sast-report-format.json +920 -0
- data/schemas/15.0.5/secret-detection-report-format.json +944 -0
- data/schemas/15.0.6/cluster-image-scanning-report-format.json +1035 -0
- data/schemas/15.0.6/container-scanning-report-format.json +967 -0
- data/schemas/15.0.6/coverage-fuzzing-report-format.json +925 -0
- data/schemas/15.0.6/dast-report-format.json +1330 -0
- data/schemas/15.0.6/dependency-scanning-report-format.json +1033 -0
- data/schemas/15.0.6/sast-report-format.json +920 -0
- data/schemas/15.0.6/secret-detection-report-format.json +944 -0
- data/schemas/15.0.7/cluster-image-scanning-report-format.json +1085 -0
- data/schemas/15.0.7/container-scanning-report-format.json +1017 -0
- data/schemas/15.0.7/coverage-fuzzing-report-format.json +975 -0
- data/schemas/15.0.7/dast-report-format.json +1380 -0
- data/schemas/15.0.7/dependency-scanning-report-format.json +1083 -0
- data/schemas/15.0.7/sast-report-format.json +970 -0
- data/schemas/15.0.7/secret-detection-report-format.json +994 -0
- data/schemas/15.1.1/cluster-image-scanning-report-format.json +1065 -0
- data/schemas/15.1.1/container-scanning-for-registry-report-format.json +0 -0
- data/schemas/15.1.1/container-scanning-report-format.json +998 -0
- data/schemas/15.1.1/coverage-fuzzing-report-format.json +975 -0
- data/schemas/15.1.1/dast-report-format.json +1380 -0
- data/schemas/15.1.1/dependency-scanning-report-format.json +986 -0
- data/schemas/15.1.1/sast-report-format.json +970 -0
- data/schemas/15.1.1/secret-detection-report-format.json +994 -0
- data/schemas/15.1.2/cluster-image-scanning-report-format.json +1190 -0
- data/schemas/15.1.2/container-scanning-report-format.json +1123 -0
- data/schemas/15.1.2/coverage-fuzzing-report-format.json +1100 -0
- data/schemas/15.1.2/dast-report-format.json +1505 -0
- data/schemas/15.1.2/dependency-scanning-report-format.json +1111 -0
- data/schemas/15.1.2/sast-report-format.json +1095 -0
- data/schemas/15.1.2/secret-detection-report-format.json +1119 -0
- data/schemas/15.1.3/cluster-image-scanning-report-format.json +1190 -0
- data/schemas/15.1.3/container-scanning-report-format.json +1123 -0
- data/schemas/15.1.3/coverage-fuzzing-report-format.json +1100 -0
- data/schemas/15.1.3/dast-report-format.json +1505 -0
- data/schemas/15.1.3/dependency-scanning-report-format.json +1111 -0
- data/schemas/15.1.3/sast-report-format.json +1095 -0
- data/schemas/15.1.3/secret-detection-report-format.json +1119 -0
- data/schemas/15.1.4/cluster-image-scanning-report-format.json +1190 -0
- data/schemas/15.1.4/container-scanning-report-format.json +1123 -0
- data/schemas/15.1.4/coverage-fuzzing-report-format.json +1100 -0
- data/schemas/15.1.4/dast-report-format.json +1505 -0
- data/schemas/15.1.4/dependency-scanning-report-format.json +1111 -0
- data/schemas/15.1.4/sast-report-format.json +1095 -0
- data/schemas/15.1.4/secret-detection-report-format.json +1119 -0
- data/supported_versions +11 -0
- metadata +84 -5
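--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c9af96e97dc59f0c41584c6cfd38fb884baf9e9784cdfb217ce30dc78851e82d
+data.tar.gz: f0e1f560e4c22858a1c58f81fcbb3d10d83794ab1761dabba43ff472205a24ed
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bcf702b6c306a2844e1e532cb2fb9e640f6c11f443ea521846627860e503c0703c628a62fe604a1e459e7ea0d1dbf2a35766e43c8ac71503b58678dcb0227c1b
+data.tar.gz: ec033a05bab164d63fa6e0982446dc2826a21ee52760679f49b45be371e972b474412819fc1018b9ec28db5c6b1dacf977e6e7cf10aae322aff53b4af1a523ab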
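--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,9 +1,9 @@
 PATH
 remote: .
 specs:
-gitlab-security_report_schemas (0.1.
+gitlab-security_report_schemas (0.1.2.min15.0.0.max15.1.4)
 activesupport (>= 6, < 8)
-json_schemer (~>
+json_schemer (~> 2.3.0)
 
 GEM
 remote: https://rubygems.org/
@@ -14,23 +14,21 @@ GEM
 minitest (>= 5.1)
 tzinfo (~> 2.0)
 ast (2.4.2)
+bigdecimal (3.1.8)
 coderay (1.1.3)
 concurrent-ruby (1.1.10)
 diff-lcs (1.5.0)
-ecma-re-validator (0.4.0)
-regexp_parser (~> 2.2)
 git (1.11.0)
 rchardet (~> 1.8)
 hana (1.3.7)
 i18n (1.12.0)
 concurrent-ruby (~> 1.0)
 json (2.6.2)
-json_schemer (
-
+json_schemer (2.3.0)
+bigdecimal
 hana (~> 1.3)
 regexp_parser (~> 2.0)
 simpleidn (~> 0.2)
-uri_template (~> 0.7)
 method_source (1.0.0)
 minitest (5.16.2)
 parallel (1.22.1)
@@ -76,7 +74,6 @@ GEM
 tzinfo (2.0.5)
 concurrent-ruby (~> 1.0)
 unicode-display_width (2.2.0)
-uri_template (0.7.0)
 
 PLATFORMS
 arm64-darwin-21
@@ -93,4 +90,4 @@ DEPENDENCIES
 shoulda-matchers (~> 5.0)
 
 BUNDLED WITH
-2.
+2.5.14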
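--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -1,13 +1,6 @@
-
+MIT License
 
-
-
-* All content residing under the "doc/" directory of this repository is licensed under "Creative Commons: CC BY-SA 4.0 license".
-* All content that resides under the "ee/" directory of this repository, if that directory exists, is licensed under the license defined in "ee/LICENSE".
-* All content that resides under the "jh/" directory of this repository, if that directory exists, is licensed under the license defined in "jh/LICENSE".
-* All client-side JavaScript (when served directly or after being compiled, arranged, augmented, or combined), is licensed under the "MIT Expat" license.
-* All third party components incorporated into the GitLab Software are licensed under the original license provided by the owner of the applicable component.
-* Content outside of the above mentioned directories or restrictions above is available under the "MIT Expat" license as defined below.
+Copyright (c) 2017-present GitLab B.V.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal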
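--- a/data/README.md
+++ b/data/README.md
@@ -47,21 +47,25 @@ bundle exec security-reports-schemas $FILE_PATH
 
 #### Credentials
 
-| Key | Description
-
-| `GITLAB_PUSH_ACCESS_TOKEN` | Own project access token used to push new schema versions. Requires `write_repository` scope.
-| `GITLAB_ISSUE_ACCESS_TOKEN` | Project access token used to create an issue on `gitlab-org/gitlab`. Requires `api` scopes.
-| `GEM_HOST_API_KEY` | rubygems.org API key
+| Key | Description |
+|-----------------------------|-----------------------------------------------------------------------------------------------|
+| `GITLAB_PUSH_ACCESS_TOKEN` | Own project access token used to push new schema versions. Requires `write_repository` scope. |
+| `GITLAB_ISSUE_ACCESS_TOKEN` | Project access token used to create an issue on `gitlab-org/gitlab`. Requires `api` scopes. |
+| `GEM_HOST_API_KEY` | rubygems.org API key |
 
 #### Configuration
 
-| Key | Default | Description
-
-| `SCHEMAS_PATH` | `./schemas` | Schema storage location
-| `SCHEMA_PROJECT` | `gitlab-org/security-products/security-report-schemas` | Where to source schemas
-| `GITLAB_PROJECT` | `gitlab-org/gitlab` | Project to open MRs for
+| Key | Default | Description |
+|---------------------------|--------------------------------------------------------|----------------------------------------|
+| `SCHEMAS_PATH` | `./schemas` | Schema storage location |
+| `SCHEMA_PROJECT` | `gitlab-org/security-products/security-report-schemas` | Where to source schemas |
+| `GITLAB_PROJECT` | `gitlab-org/gitlab` | Project to open MRs for |
 | `ISSUE_TARGET_PROJECT_ID` | `278964` (`gitlab-org/gitlab`) | Project ID for which to open an issue. |
 
+## Maintenance
+
+See [`RUNBOOK.md`](./RUNBOOK.md) for solutions to common maintenance tasks.
+
 ## Development
 
 ### Updating the schemas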
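--- /dev/null
+++ b/data/RUNBOOK.md
@@ -0,0 +1,28 @@
+# Common maintenance tasks
+
+### Problem
+
+* an upstream [security-report-schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas) pipeline failed to trigger the release pipeline
+* you want to add, remove or deprecate support for report schema versions
+* you need to release a new version of the gem without altering version ranges,
+because for example:
+* an existing gem release has a bug, and the bugfix release needs to cover the
+same version range.
+* there were breaking changes to the gem's public API that must be released
+for the currently supported version range.
+
+### Solution
+
+1. Open and merge an MR targeting the default branch which may:
+* change the [`supported_versions`](../supported_versions) file to set the
+report schema version range that the release should include.
+* change the `Gitlab::SecurityReportSchemas::Version::GEM_VERSION` constant
+to set the MAJOR.MINOR.PATCH version components of the resulting release.
+2. Run a new pipeline for the default branch and set the `MANUAL_RELEASE` CI
+variable.
+3. Trigger the manual `manual-release` job in the resulting pipeline.
+
+## Find the commit SHA for a RubyGem version
+
+Before a rubygems.org release is created, a git tag referencing the full
+v-prefixed release version is pushed, for example `v0.1.0.min15.0.0.max15.0.1`.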
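--- a/data/Rakefile
+++ b/data/Rakefile
@@ -30,7 +30,7 @@ desc "Bundles the Security Report Schemas into the project and builds the gem"
 task :prepare, %i[versions] => %i[prepare_schemas build]
 
 desc "Checks the integrity of the schema files with upstream"
-task :
+task integrity_check: :prepare_schemas do
 require "gitlab/security_report_schemas"
 require "gitlab/security_report_schemas/cli/integrity_checker"
 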
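Review bot: `task integrity_check: :prepare_schemas do` now runs `prepare_schemas` before the check, but the `desc` immediately above still presents the task as a read-only comparison with upstream, so `rake -T` hides that the task first fetches or rewrites schema files. Because the `:prepare` description pairs `prepare_schemas` with bundling the schemas into the project, it is worth confirming that the checker still compares the committed schema files rather than copies `prepare_schemas` has just pulled from the same upstream, otherwise the check cannot detect drift or tampering; neither `prepare_schemas` nor the checker is visible from this hunk. At minimum make the side effect explicit: `desc "Refreshes the bundled schemas (prepare_schemas) and checks their integrity with upstream"`. The task body continues past the end of the hunk.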
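--- a/data/gem_version
+++ b/data/gem_version
@@ -1 +1 @@
-0.1.
+0.1.2.min15.0.0.max15.1.4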
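--- a/data/gitlab-security_report_schemas.gemspec
+++ b/data/gitlab-security_report_schemas.gemspec
@@ -5,7 +5,7 @@ Gem::Specification.new do |spec|
 spec.version = `cat gem_version`
 spec.authors = ["GitLab"]
 spec.email = ["gitlab_rubygems@gitlab.com"]
-spec.license = "
+spec.license = "MIT"
 
 spec.summary = "Ruby gem for GitLab security report JSON schemas"
 spec.homepage = "https://gitlab.com/gitlab-org/ruby/gems/gitlab-security_report_schemas"
@@ -29,5 +29,5 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 
 spec.add_dependency "activesupport", ">= 6", "< 8"
-spec.add_dependency "json_schemer", "~>
+spec.add_dependency "json_schemer", "~> 2.3.0"
 end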
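--- a/data/lib/gitlab/security_report_schemas/configuration.rb
+++ b/data/lib/gitlab/security_report_schemas/configuration.rb
@@ -9,8 +9,8 @@ module Gitlab
 deprecated_versions: -> { [] },
 schema_project: -> { "gitlab-org/security-products/security-report-schemas" },
 gitlab_project: -> { "gitlab-org/gitlab" },
-issue_target_project_id: -> {
-gitlab_issue_access_token:
+issue_target_project_id: -> { "278964" }, # gitlab-org/gitlab
+gitlab_issue_access_token: nil,
 ci_server_host: nil
 }.freeze
 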
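Review bot: `gitlab_issue_access_token: nil,` is the one credential in this defaults hash and, unlike its sibling `issue_target_project_id` which gained a `# gitlab-org/gitlab` comment in the same hunk, says nothing about where the value must come from or that it must never be a literal. The README in this release documents `GITLAB_ISSUE_ACCESS_TOKEN` as a project access token with `api` scope, so a short comment pins that intent: `gitlab_issue_access_token: nil, # supplied via GITLAB_ISSUE_ACCESS_TOKEN (api scope); never hard-code a token here`. The code that consumes this default is outside the hunk, so I cannot tell whether a still-nil token fails fast or ends up as an unauthenticated API call when an issue is created; it should raise a clear error before any request is made. The hash's opening line and name sit above the hunk.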
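--- a/data/lib/gitlab/security_report_schemas/version.rb
+++ b/data/lib/gitlab/security_report_schemas/version.rb
@@ -5,7 +5,7 @@ module Gitlab
 # Represents the version of the gem
 class Version
 VERSION_SPEC = "%<gem_version>s.min%<min_schema>s.max%<max_schema>s"
-GEM_VERSION = "0.1.
+GEM_VERSION = "0.1.2"
 MISSING_SCHEMA_VERSION = "0.0.0"
 
 class << self
@@ -16,8 +16,6 @@ module Gitlab
 max_schema: max_schema)
 end
 
-private
-
 def min_schema
 SecurityReportSchemas.supported_versions.first || MISSING_SCHEMA_VERSION
 end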
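Review bot: Removing `private` from the `class << self` block turns `min_schema`, and any singleton methods defined after it below the hunk, into public API of `Version`, yet the newly exposed method has no doc comment and nothing in the visible hunks says the exposure is deliberate. Since this lands in the same release whose RUNBOOK stresses that public-API changes must be versioned deliberately, either document the contract right above the definition, `# Lowest supported report-schema version; falls back to MISSING_SCHEMA_VERSION when supported_versions is empty.`, or, if the widening is accidental, restore the visibility with `private_class_method :min_schema` (adding `:max_schema` if it is defined in the same block, which I cannot see from here). The `class << self` block opens in the first hunk and closes outside the second.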