gitlab-security_report_schemas 0.1.0.min0.0.0.max0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 48bb6ab237a896e1a713f7384008e510307fc383135450eca126ce5c912250bd
+  data.tar.gz: b1b4f46ea3c0e83ee3967a418b71a93039ab4227b0f6beae3487b8ed568a4116
+SHA512:
+  metadata.gz: d92c6d99fa5605d114247a642e386a0876de1396a080868b55ce05951e51b30eb7768fc0c3846b311360a8f6c44f930224a9f7ef2c2f96af1881eed14e2b82f1
+  data.tar.gz: 3e21bfff0c8c1a3dfae2831b92546a513a89b85475f20d5c68303711580881a174e2160f91e23f4457a689063e6dc16ea28e5050201f6a4fbeb7d6af7d483377

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,23 @@
+AllCops:
+  TargetRubyVersion: 2.7
+
+Style/Alias:
+  EnforcedStyle: prefer_alias_method
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Layout/LineLength:
+  Max: 120
+
+Metrics/BlockLength:
+  Exclude:
+    - "spec/**/*"
+
+Naming/VariableNumber:
+  EnforcedStyle: snake_case

data/CODEOWNERS

@@ -0,0 +1,7 @@
+# default to maintainers
+[Maintainers]
+* @gitlab-org/maintainers/security-report-schemas @minac
+
+# Specific reviewers
+[Reviewers]
+*.rb @gitlab-org/maintainers/security-report-schemas @gitlab-org/govern/threat-insights-backend-team

data/CONTRIBUTING.md

@@ -0,0 +1,26 @@
+## Contributor License Agreement and Developer Certificate of Origin
+
+Contributions to this repository are subject to the [Developer Certificate of Origin](https://docs.gitlab.com/ee/legal/developer_certificate_of_origin.html#developer-certificate-of-origin-version-11), or the [Individual](https://docs.gitlab.com/ee/legal/individual_contributor_license_agreement.html) or [Corporate](https://docs.gitlab.com/ee/legal/corporate_contributor_license_agreement.html) Contributor License Agreement, depending on where the contribution is made and on whose behalf:
+
+- By submitting code contributions as an individual to the [`/ee` subdirectory](/ee) of this repository, you agree to the [Individual Contributor License Agreement](https://docs.gitlab.com/ee/legal/individual_contributor_license_agreement.html).
+
+- By submitting code contributions on behalf of a corporation to the [`/ee` subdirectory](/ee) of this repository, you agree to the [Corporate Contributor License Agreement](https://docs.gitlab.com/ee/legal/corporate_contributor_license_agreement.html).
+
+- By submitting code contributions as an individual or on behalf of a corporation to any directory in this repository outside of the [`/ee` subdirectory](/ee), you agree to the [Developer Certificate of Origin](https://docs.gitlab.com/ee/legal/developer_certificate_of_origin.html#developer-certificate-of-origin-version-11).
+
+All Documentation content that resides under the [`doc/` directory](/doc) of this repository is licensed under Creative Commons:
+[CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/).
+
+_This notice must stay as the first item in the `CONTRIBUTING.md` file._
+
+## Contributing Documentation
+
+Documentation for contributing to the GitLab project can be found at https://about.gitlab.com/community/contribute/.
+
+## Code of Conduct
+
+See https://about.gitlab.com/contributing/code-of-conduct/.
+
+## Issue tracker
+
+Use the issue tracker at https://gitlab.com/gitlab-org/gitlab/-/issues/.

data/Gemfile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gemspec
+
+gem "git", "~> 1.3"
+gem "pry"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 1.21"
+gem "shoulda-matchers", "~> 5.0"

data/Gemfile.lock

@@ -0,0 +1,94 @@
+PATH
+  remote: .
+  specs:
+    gitlab-security_report_schemas (0.1.0.min0.0.0.max0.0.0)
+      activesupport (>= 5)
+      json_schemer (~> 0.2.18)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (7.0.3.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    ast (2.4.2)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.10)
+    diff-lcs (1.5.0)
+    ecma-re-validator (0.4.0)
+      regexp_parser (~> 2.2)
+    git (1.11.0)
+      rchardet (~> 1.8)
+    hana (1.3.7)
+    i18n (1.12.0)
+      concurrent-ruby (~> 1.0)
+    json (2.6.2)
+    json_schemer (0.2.21)
+      ecma-re-validator (~> 0.3)
+      hana (~> 1.3)
+      regexp_parser (~> 2.0)
+      uri_template (~> 0.7)
+    method_source (1.0.0)
+    minitest (5.16.2)
+    parallel (1.22.1)
+    parser (3.1.2.0)
+      ast (~> 2.4.1)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    rchardet (1.8.0)
+    regexp_parser (2.5.0)
+    rexml (3.2.5)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    rubocop (1.32.0)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.19.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.19.1)
+      parser (>= 3.1.1.0)
+    ruby-progressbar (1.11.0)
+    shoulda-matchers (5.1.0)
+      activesupport (>= 5.2.0)
+    tzinfo (2.0.5)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.2.0)
+    uri_template (0.7.0)
+
+PLATFORMS
+  arm64-darwin-21
+  ruby
+  x86_64-darwin-19
+
+DEPENDENCIES
+  git (~> 1.3)
+  gitlab-security_report_schemas!
+  pry
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  rubocop (~> 1.21)
+  shoulda-matchers (~> 5.0)
+
+BUNDLED WITH
+   2.3.15

data/LICENSE.txt

@@ -0,0 +1,28 @@
+Copyright (c) 2011-present GitLab B.V.
+
+Portions of this software are licensed as follows:
+
+* All content residing under the "doc/" directory of this repository is licensed under "Creative Commons: CC BY-SA 4.0 license".
+* All content that resides under the "ee/" directory of this repository, if that directory exists, is licensed under the license defined in "ee/LICENSE".
+* All content that resides under the "jh/" directory of this repository, if that directory exists, is licensed under the license defined in "jh/LICENSE".
+* All client-side JavaScript (when served directly or after being compiled, arranged, augmented, or combined), is licensed under the "MIT Expat" license.
+* All third party components incorporated into the GitLab Software are licensed under the original license provided by the owner of the applicable component.
+* Content outside of the above mentioned directories or restrictions above is available under the "MIT Expat" license as defined below.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,66 @@
+ [![pipeline status](https://gitlab.com/gitlab-org/security-products/security-report-schemas-ruby/badges/main/pipeline.svg)](https://gitlab.com/gitlab-org/security-products/security-report-schemas-ruby/-/commits/main)
+ [![coverage report](https://gitlab.com/gitlab-org/security-products/security-report-schemas-ruby/badges/main/coverage.svg)](https://gitlab.com/gitlab-org/security-products/security-report-schemas-ruby/-/commits/main) 
+ [![Latest Release](https://gitlab.com/gitlab-org/security-products/security-report-schemas-ruby/-/badges/release.svg)](https://gitlab.com/gitlab-org/security-products/security-report-schemas-ruby/-/releases)
+
+# Gitlab::SecurityReportSchemas
+
+Rubygem for https://gitlab.com/gitlab-org/security-products/security-reports-schema
+
+This gem provides a Ruby and command line interface to validate the report artifact generated by the security analyzers.
+
+## Installation
+
+Install the gem and add to the application's Gemfile by executing:
+
+    $ bundle add gitlab-security_report_schemas
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+    $ gem install gitlab-security_report_schemas
+
+## Usage
+
+### Ruby interface
+
+```ruby
+require "security_report_schemas"
+
+file_path = "path_of_the_report_file"
+report_content = File.read(file_path)
+data = JSON.parse(report_content)
+validator = Gitlab::SecurityReportSchemas::Validator.new(data, "sast", "15.0.0")
+
+validator.valid? # true/false
+validator.errors # An array of error messages
+validator.warnings # An array of warning messages
+```
+
+### CLI
+
+You can use the executable to check validity of your report artifact, like so;
+
+```sh
+bundle exec security-reports-schemas $FILE_PATH
+```
+
+## Development
+
+### Updating the schemas
+
+You can use the `rake prepare_schemas[versions]` rake task to update the schemas, like so;
+
+```sh
+rake "prepare_schemas[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4]"
+```
+
+This will download the following schema versions: "14.0.0", "14.0.1", "14.0.2", "14.0.3", "14.0.4".
+
+Check `rake -T` for other available tasks
+
+## Contributing
+
+See [`CONTRIBUTING.md`](CONTRIBUTING.md).
+
+## License
+
+See [`LICENSE.txt`](LICENSE.txt).

data/Rakefile

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]
+
+desc "Bundles the Security Report Schemas into the project"
+task :prepare_schemas, [:versions] do |_, args|
+  require "gitlab/security_report_schemas"
+  require "gitlab/security_report_schemas/cli/schema_downloader"
+
+  requested_versions = args[:versions]&.split.to_a
+
+  cleanup_schema_dir.then { schemas_to_prepare(requested_versions) }
+                    .then { copy_new_schemas(_1) }
+                    .then { update_gem_version }
+end
+
+desc "Bundles the Security Report Schemas into the project and builds the gem"
+task :prepare, %i[versions] => %i[prepare_schemas build]
+
+desc "Checks the integrity of the schema files with upstream"
+task :integrity_check do
+  require "gitlab/security_report_schemas"
+  require "gitlab/security_report_schemas/cli/integrity_checker"
+
+  Gitlab::SecurityReportSchemas.supported_versions.each do |version|
+    puts "Checking the integrity of #{version} schemas"
+
+    Gitlab::SecurityReportSchemas::CLI::IntegrityChecker.check!(version)
+  end
+end
+
+def cleanup_schema_dir
+  puts "Cleaning the schemas directory..."
+
+  Gitlab::SecurityReportSchemas.schema_directories.each(&:rmtree)
+end
+
+def versions_file
+  @versions_file ||= Gitlab::SecurityReportSchemas.root_path
+                                                  .join("supported_versions")
+                                                  .then { |path| File.open(path, "r+") }
+end
+
+def schemas_to_prepare(requested_versions)
+  supported_versions = versions_file.readlines.map(&:chomp)
+
+  if requested_versions.empty?
+    puts "Preparing schemas from `supported_versions' file..."
+  else
+    puts "Preparing new schemas #{requested_versions}"
+  end
+
+  supported_versions + requested_versions
+end
+
+def copy_new_schemas(versions)
+  versions_file.seek(0)
+
+  versions.uniq.each do |version|
+    puts "Preparing the schemas for #{version}"
+
+    versions_file.puts(version)
+    Gitlab::SecurityReportSchemas::CLI::SchemaDownloader.download(version)
+  end
+
+  versions_file.close
+end
+
+def update_gem_version
+  # Writing the gemversion file so the gemspec can be updated
+  new_gem_version = Gitlab::SecurityReportSchemas::Version.to_s
+  gem_version_file = Gitlab::SecurityReportSchemas.root_path.join("gem_version")
+
+  gem_version_file.write(new_gem_version)
+
+  puts "Gem version is updated as `#{new_gem_version}'"
+end

data/exe/security-report-schemas

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "gitlab/security_report_schemas"
+require "gitlab/security_report_schemas/cli/validator"
+
+Gitlab::SecurityReportSchemas::CLI::Validator.new(ARGV.dup).run

data/gem_version

@@ -0,0 +1 @@
+0.1.0.min0.0.0.max0.0.0

data/lib/gitlab/security_report_schemas/cli/integrity_checker.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require_relative "schema_checker/abstract_file"
+require_relative "schema_checker/local_file"
+require_relative "schema_checker/remote_file"
+
+module Gitlab
+  module SecurityReportSchemas
+    module CLI
+      # Checks the integrity of the schemas
+      class IntegrityChecker
+        def self.check!(version)
+          new(version).check!
+        end
+
+        def initialize(version)
+          @version = version
+        end
+
+        def check!
+          local_schema_files.each do |schema_file|
+            check_integrity_of!(schema_file)
+          end
+        end
+
+        private
+
+        attr_reader :version
+
+        def local_schema_files
+          schema_dir.children
+        end
+
+        def schema_dir
+          SecurityReportSchemas.schemas_path.join(version)
+        end
+
+        def check_integrity_of!(schema_file)
+          return if LocalFile.new(schema_file) == RemoteFile.new(schema_file)
+
+          raise "Integrity of `#{schema_file}' is broken!"
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas/cli/schema_checker/abstract_file.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module SecurityReportSchemas
+    module CLI
+      class IntegrityChecker
+        # Encapsulates common schema file logic
+        class AbstractFile
+          def initialize(schema_file)
+            @schema_file = schema_file
+          end
+
+          def ==(other)
+            checksum == other.checksum
+          end
+
+          protected
+
+          def checksum
+            Digest::MD5.hexdigest(content)
+          end
+
+          private
+
+          attr_reader :schema_file
+
+          def content
+            raise "Must be implemented by the subclass"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas/cli/schema_checker/local_file.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module SecurityReportSchemas
+    module CLI
+      class IntegrityChecker
+        # Represents the local schema file
+        class LocalFile < AbstractFile
+          private
+
+          def content
+            File.read(schema_file)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas/cli/schema_checker/remote_file.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require "net/http"
+
+module Gitlab
+  module SecurityReportSchemas
+    module CLI
+      class IntegrityChecker
+        # Represents the schema file located on GitLab.com
+        class RemoteFile < AbstractFile
+          SCHEMA_PROJECT_RAW_URL = "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/v%<version>s/dist/%<schema_file_name>s"
+          SCHEMA_FILE_NAME_REGEX = %r{./+(?<version>\d+\.\d+\.\d+)/(?<file_name>.+-report-format\.json)$}.freeze
+
+          private
+
+          def content
+            Net::HTTP.get(uri)
+          end
+
+          def uri
+            URI(schema_url)
+          end
+
+          def schema_url
+            format(SCHEMA_PROJECT_RAW_URL, version: version, schema_file_name: schema_file_name)
+          end
+
+          def version
+            schema_file_components["version"]
+          end
+
+          def schema_file_name
+            schema_file_components["file_name"]
+          end
+
+          def schema_file_components
+            @schema_file_components ||= schema_file.to_s.match(SCHEMA_FILE_NAME_REGEX).named_captures
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas/cli/schema_downloader.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require "git"
+require "fileutils"
+
+module Gitlab
+  module SecurityReportSchemas
+    module CLI
+      # Copies the schema for the given version to the project
+      class SchemaDownloader
+        SCHEMA_PROJECT_REPO = "git@gitlab.com:gitlab-org/security-products/security-report-schemas.git"
+
+        def self.download(version)
+          new(version).download
+        end
+
+        def initialize(version)
+          @version = version
+        end
+
+        def download
+          checkout_version
+          create_target_directory
+          copy_schemas
+        end
+
+        private
+
+        attr_reader :version
+
+        def checkout_version
+          git_project.checkout("v#{version}")
+        end
+
+        def create_target_directory
+          FileUtils.mkdir_p(target_directory) unless File.exist?(target_directory)
+        end
+
+        def copy_schemas
+          FileUtils.cp(dist_path.children, target_directory)
+        end
+
+        def target_directory
+          @target_directory ||= SecurityReportSchemas.schemas_path.join(version)
+        end
+
+        def dist_path
+          SecurityReportSchemas.root_path.join("tmp", "security-report-schemas", "dist")
+        end
+
+        def git_project
+          @git_project ||= existing_repository || clone_repository
+        end
+
+        def existing_repository
+          return unless File.exist?(git_project_path)
+
+          Git.open(git_project_path)
+        end
+
+        def clone_repository
+          Git.clone(SCHEMA_PROJECT_REPO, git_project_path)
+        end
+
+        def git_project_path
+          @git_project_path ||= SecurityReportSchemas.root_path.join("tmp", "security-report-schemas")
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas/cli/validator.rb

@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+require "optparse"
+require_relative "../utils/string_refinements"
+
+module Gitlab
+  module SecurityReportSchemas
+    module CLI
+      # Validation command line interface
+      class Validator
+        using Utils::StringRefinements
+
+        def initialize(argv)
+          @argv = argv
+        end
+
+        def run
+          configure
+
+          run_validation
+          print_warnings
+        end
+
+        private
+
+        attr_reader :argv, :warnings
+
+        def file_path
+          @file_path ||= argv.shift
+        end
+
+        def configure
+          opt_parser.parse!(argv)
+
+          exit_with_usage_message unless file_path
+          exit_with_unknown_report_type_message unless report_type
+        rescue OptionParser::InvalidOption => e
+          exit_with_usage_message(e.message)
+        end
+
+        def exit_with_usage_message(extra_message = nil)
+          puts extra_message if extra_message
+          puts opt_parser.help
+
+          exit
+        end
+
+        def exit_with_unknown_report_type_message
+          puts "Can not find report type! Consider providing the report type."
+
+          exit
+        end
+
+        def run_validation
+          puts "Validating #{report_type} v#{version} against schema v#{validator.schema_ver_version}"
+
+          if validator.valid?
+            puts "Content is valid".green
+          else
+            puts "Content is invalid".red
+            puts make_string(validator.errors)
+          end
+        end
+
+        def print_warnings
+          return unless warnings && validator.warnings.present?
+
+          puts make_string(validator.warnings).brown
+        end
+
+        def make_string(array)
+          array.map { |message| "* #{message}" }
+               .join("\n")
+        end
+
+        def validator
+          @validator ||= SecurityReportSchemas::Validator.new(report_data, report_type, version)
+        end
+
+        def version
+          report_data["version"]
+        end
+
+        def report_type
+          @report_type ||= report_data.dig("scan", "type")
+        end
+
+        def report_data
+          @report_data ||= JSON.parse(report_content)
+        end
+
+        def report_content
+          File.read(file_path)
+        end
+
+        def opt_parser
+          @opt_parser ||= OptionParser.new do |parser|
+            parser.banner = banner_message
+
+            parser.on("-r", "--report_type=REPORT_TYPE", "Override the report type") do |arg|
+              @report_type = arg
+            end
+
+            parser.on("-w", "--warnings", "Prints the warning messages") do
+              @warnings = true
+            end
+          end
+        end
+
+        def banner_message
+          "SecurityReportSchemas #{SecurityReportSchemas::Version}.\n" \
+          "Supported schema versions: #{supported_versions.to_s.green}\n\n" \
+          "Usage: security-report-schemas REPORT_FILE_PATH [options]"
+        end
+
+        def supported_versions
+          SecurityReportSchemas.supported_versions.map(&:version)
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas/configuration.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module SecurityReportSchemas
+    # Holds the configuration of the gem
+    class Configuration
+      OPTIONS = {
+        schemas_path: -> { SecurityReportSchemas.root_path.join("schemas") },
+        deprecated_versions: -> { [] }
+      }.freeze
+
+      OPTIONS.each do |option, default_value|
+        define_method(option) do
+          instance_variable_get("@#{option}") || default_value.call
+        end
+
+        attr_writer option
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas/schema.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require "json_schemer"
+
+module Gitlab
+  module SecurityReportSchemas
+    # Schema related logic
+    class Schema
+      attr_reader :report_type, :version
+
+      CROSS_COMPLIANT_SCHEMAS = { api_fuzzing: :dast }.freeze
+
+      def initialize(report_type, version)
+        @report_type = report_type
+        @version = version
+      end
+
+      delegate :validate, to: :schemer
+      delegate :supported?, :deprecated?, :fallback?, to: :schema_ver
+      delegate :version, to: :schema_ver, prefix: true
+
+      private
+
+      delegate :schemas_path, to: SecurityReportSchemas, private: true
+
+      def schemer
+        @schemer ||= JSONSchemer.schema(pathname)
+      end
+
+      def pathname
+        Pathname.new(schema_file_path)
+      end
+
+      def schema_file_path
+        schemas_path.join(schema_ver, schema_file_name)
+      end
+
+      def schema_file_name
+        "#{schema_name.to_s.dasherize}-report-format.json"
+      end
+
+      def schema_name
+        CROSS_COMPLIANT_SCHEMAS.fetch(report_type.to_sym, report_type)
+      end
+
+      def schema_ver
+        @schema_ver ||= SchemaVer.new!(version)
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas/schema_ver.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module SecurityReportSchemas
+    # Value class to encapsulate schemaVer related logic
+    class SchemaVer
+      VALID_SCHEMA_FORMAT = /\d+\.\d+\.\d+/.freeze
+
+      class InvalidSchemaVersion < StandardError; end
+
+      include Comparable
+
+      def self.new!(version)
+        return SecurityReportSchemas.supported_versions.last if version.blank?
+        raise InvalidSchemaVersion, version unless version.match(VALID_SCHEMA_FORMAT)
+
+        new(version).itself_or_fallback
+      end
+
+      attr_reader :version
+
+      def initialize(version)
+        @version = version
+      end
+
+      def itself_or_fallback
+        supported? ? self : (fallback || self)
+      end
+
+      def supported?
+        supported_versions.include?(self)
+      end
+
+      def deprecated?
+        deprecated_versions.include?(self)
+      end
+
+      def fallback?
+        @fallback_to.present?
+      end
+
+      attr_accessor :fallback_to
+
+      # The below public methods are commonly used by the Ruby's standard library
+
+      delegate :hash, to: :version
+
+      def eql?(other)
+        other.is_a?(self.class) && version == other.version
+      end
+
+      def <=>(other)
+        segments <=> other.segments
+      end
+
+      def to_s
+        version
+      end
+
+      # Enables implicit conversion to string
+      alias_method :to_str, :to_s
+
+      protected
+
+      def segments
+        @segments ||= version.split(".").map(&:to_i)
+      end
+
+      def compatible?(other)
+        model == other.model &&
+          revision == other.revision &&
+          addition > other.addition
+      end
+
+      def model
+        segments[0]
+      end
+
+      def revision
+        segments[1]
+      end
+
+      def addition
+        segments[2]
+      end
+
+      def as_fallback_to!(primary)
+        dup.tap { |duplicate| duplicate.fallback_to = primary }
+      end
+
+      private
+
+      delegate :supported_versions, :deprecated_versions, to: SecurityReportSchemas, private: true
+
+      def fallback
+        supported_versions.select { |version| compatible?(version) }
+                          .max
+                          &.as_fallback_to!(self)
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas/utils/string_refinements.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module SecurityReportSchemas
+    module Utils
+      # Contains utility methods for the String class
+      module StringRefinements
+        refine String do
+          def red
+            "\e[31m#{self}\e[0m"
+          end
+
+          def green
+            "\e[32m#{self}\e[0m"
+          end
+
+          def brown
+            "\e[33m#{self}\e[0m"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas/validator.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require "json_schemer"
+
+require_relative "schema"
+
+module Gitlab
+  module SecurityReportSchemas
+    # Takes the data to be validated along with the
+    # report type and version.
+    class Validator
+      UNSUPPORTED_SCHEMA_TEMPLATE = "Version %<version>s for report type %<report_type>s is unsupported, " \
+                                    "supported versions for this report type are: %<supported_versions>s"
+
+      DEPRECATED_SCHEMA_TEMPLATE = "Version %<version>s for report type %<report_type>s has been deprecated, " \
+                                   "supported versions for this report type are: %<supported_versions>s"
+
+      FALLBACK_USED_TEMPLATE = "This report uses a supported MAJOR.MINOR version but the PATCH doesn't match " \
+                               "any vendored schema version. Validation is done against version %<fallback>s"
+
+      def initialize(data, report_type, version)
+        @data = data
+        @report_type = report_type
+        @version = version
+      end
+
+      def valid?
+        errors.empty?
+      end
+
+      def errors
+        @errors ||= schema.supported? ? schema_errors : [unsupported_schema_error]
+      end
+
+      def warnings
+        [].tap do |warn|
+          warn << deprecated_schema_warning_message if schema.deprecated?
+          warn << fallback_schema_used_warning_message if schema.fallback?
+        end
+      end
+
+      delegate :schema_ver_version, to: :schema
+
+      private
+
+      attr_reader :data, :report_type, :version
+
+      def schema_errors
+        validation_result.map { |error| JSONSchemer::Errors.pretty(error) }
+      end
+
+      def unsupported_schema_error
+        formatted_message(UNSUPPORTED_SCHEMA_TEMPLATE, SecurityReportSchemas.supported_versions)
+      end
+
+      def deprecated_schema_warning_message
+        formatted_message(DEPRECATED_SCHEMA_TEMPLATE, SecurityReportSchemas.maintained_versions)
+      end
+
+      def fallback_schema_used_warning_message
+        format(FALLBACK_USED_TEMPLATE, fallback: schema_ver_version)
+      end
+
+      def formatted_message(template, supported_versions)
+        format(template,
+               version: schema_ver_version,
+               report_type: report_type,
+               supported_versions: supported_versions.map(&:to_s))
+      end
+
+      def validation_result
+        @validation_result ||= schema.validate(data)
+      end
+
+      def schema
+        @schema ||= Schema.new(report_type, version)
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas/version.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module SecurityReportSchemas
+    # Represents the version of the gem
+    class Version
+      VERSION_SPEC = "%<gem_version>s.min%<min_schema>s.max%<max_schema>s"
+      GEM_VERSION = "0.1.0"
+      MISSING_SCHEMA_VERSION = "0.0.0"
+
+      class << self
+        def to_s
+          format(VERSION_SPEC,
+                 gem_version: GEM_VERSION,
+                 min_schema: min_schema,
+                 max_schema: max_schema)
+        end
+
+        private
+
+        def min_schema
+          SecurityReportSchemas.supported_versions.first || MISSING_SCHEMA_VERSION
+        end
+
+        def max_schema
+          SecurityReportSchemas.supported_versions.last || MISSING_SCHEMA_VERSION
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/security_report_schemas.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require "pathname"
+require "active_support/all"
+require_relative "security_report_schemas/configuration"
+require_relative "security_report_schemas/schema_ver"
+require_relative "security_report_schemas/version"
+require_relative "security_report_schemas/validator"
+
+module Gitlab
+  # I will document this later
+  module SecurityReportSchemas
+    class Error < StandardError; end
+
+    SCHEMA_PATH_REGEX = %r{.+schemas/(\d+\.\d+\.\d+)$}.freeze
+
+    class << self
+      # Returns the list of schema versions available including the deprecated ones.
+      def supported_versions
+        @supported_versions ||= schema_directories.map { |path_name| path_name_to_version(path_name) }
+                                                  .sort
+      end
+
+      # Returns the list of actively maintained schemas excluding the ones marked as deprecated.
+      def maintained_versions
+        @maintained_versions ||= supported_versions - deprecated_versions
+      end
+
+      def deprecated_versions
+        @deprecated_versions ||= configuration.deprecated_versions.map { |version| SchemaVer.new(version) }
+      end
+
+      def schema_files
+        schema_directories.flat_map { |directory| directory.children.select(&:file?) }
+                          .map { |schema_path| schema_path.relative_path_from(root_path) }
+      end
+
+      def schema_directories
+        schemas_path.children.select(&:directory?)
+      end
+
+      def root_path
+        @root_path ||= Pathname.new(__dir__).join("..", "..")
+      end
+
+      def configure(&block)
+        flush_memoized_methods!
+
+        block.call(configuration)
+      end
+
+      def configuration
+        @configuration ||= Configuration.new
+      end
+
+      delegate :schemas_path, to: :configuration
+
+      private
+
+      def flush_memoized_methods!
+        @deprecated_versions = @maintained_versions = nil
+      end
+
+      def path_name_to_version(path_name)
+        version = path_name.to_s.match(SCHEMA_PATH_REGEX).captures.first
+
+        SchemaVer.new(version)
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,98 @@
+--- !ruby/object:Gem::Specification
+name: gitlab-security_report_schemas
+version: !ruby/object:Gem::Version
+  version: 0.1.0.min0.0.0.max0.0.0
+platform: ruby
+authors:
+- GitLab
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2022-12-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: json_schemer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.18
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.18
+description: 
+email:
+- gitlab_rubygems@gitlab.com
+executables:
+- security-report-schemas
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- ".rubocop.yml"
+- CODEOWNERS
+- CONTRIBUTING.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- exe/security-report-schemas
+- gem_version
+- lib/gitlab/security_report_schemas.rb
+- lib/gitlab/security_report_schemas/cli/integrity_checker.rb
+- lib/gitlab/security_report_schemas/cli/schema_checker/abstract_file.rb
+- lib/gitlab/security_report_schemas/cli/schema_checker/local_file.rb
+- lib/gitlab/security_report_schemas/cli/schema_checker/remote_file.rb
+- lib/gitlab/security_report_schemas/cli/schema_downloader.rb
+- lib/gitlab/security_report_schemas/cli/validator.rb
+- lib/gitlab/security_report_schemas/configuration.rb
+- lib/gitlab/security_report_schemas/schema.rb
+- lib/gitlab/security_report_schemas/schema_ver.rb
+- lib/gitlab/security_report_schemas/utils/string_refinements.rb
+- lib/gitlab/security_report_schemas/validator.rb
+- lib/gitlab/security_report_schemas/version.rb
+- schemas/.keep
+- supported_versions
+homepage: https://gitlab.com/gitlab-org/security-products/security-reports-schema-ruby
+licenses: []
+metadata:
+  homepage_uri: https://gitlab.com/gitlab-org/security-products/security-reports-schema-ruby
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubygems_version: 3.3.26
+signing_key: 
+specification_version: 4
+summary: Ruby gem for GitLab security report JSON schemas
+test_files: []