Describe the idea
Instead of case-by-case parsing, implement dynamic parsing depending on activity (SAST, Secret, IaC) and report version.
This way, all available information can be parsed without losing context, even if the report formats change.
How to implement?
- Check the report for the activity and version as described here [1]
- For the activity, parse the report format of the respective version [2]
- Gather all required finding information per report format
- Output gathered finding information to testcase failure message
[1] https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/src/security-report-format.json
[2] https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/tree/master/dist
Additional context/Screenshots
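
A sketch of the steps listed under "How to implement?", added here as an example and not taken from the project's code. The parser names, the version table and both sample reports are constructed assumptions; the field names follow the report schemas linked in [1] and [2].

```python
# Added example: dispatch on scan.type and the report's major version.
# Parser names, PARSERS table and sample reports are constructed for illustration.

def _location(v):
    loc = v.get("location", {})
    return f'{loc.get("file", "?")}:{loc.get("start_line", "?")}'

def _sast(v):
    return {"where": _location(v)}

def _secret(v):
    # Keep the commit for context; never copy the matched secret text itself.
    sha = v.get("location", {}).get("commit", {}).get("sha", "unknown")
    return {"where": f"{_location(v)} @{sha}"}

# (scan.type, major version) -> parser for that report format
PARSERS = {("sast", 15): _sast, ("secret_detection", 15): _secret}

def parse_report(report):
    scan_type = report.get("scan", {}).get("type")
    version = str(report.get("version", ""))
    head = version.split(".")[0]
    parser = PARSERS.get((scan_type, int(head) if head.isdigit() else None))
    if parser is None:
        # Fail loudly: an unknown format must not look like "no findings".
        raise ValueError(f"unsupported report: type={scan_type!r} version={version!r}")
    findings = []
    for v in report.get("vulnerabilities", []):
        finding = {"name": v.get("name", "unnamed"),
                   "severity": v.get("severity", "Unknown"),
                   "ids": [i.get("name", "?") for i in v.get("identifiers", [])]}
        finding.update(parser(v))
        findings.append(finding)
    return scan_type, findings

def failure_messages(report):
    """One testcase failure message per finding."""
    scan_type, findings = parse_report(report)
    return [f'[{scan_type}] {f["severity"]}: {f["name"]} at {f["where"]} '
            f'({", ".join(f["ids"])})' for f in findings]

# Constructed sample reports (not real scanner output).
SAST_REPORT = {"version": "15.0.4", "scan": {"type": "sast"}, "vulnerabilities": [
    {"name": "SQL injection", "severity": "High",
     "location": {"file": "app/db.py", "start_line": 42},
     "identifiers": [{"type": "cwe", "name": "CWE-89", "value": "89"}]}]}
SECRET_REPORT = {"version": "15.0.4", "scan": {"type": "secret_detection"}, "vulnerabilities": [
    {"name": "AWS access token", "severity": "Critical",
     "raw_source_code_extract": "AKIAEXAMPLEEXAMPLE00",
     "location": {"file": "deploy.env", "start_line": 3, "commit": {"sha": "0000000"}},
     "identifiers": [{"type": "gitleaks_rule_id", "name": "Gitleaks rule ID AWS", "value": "AWS"}]}]}
```

Supporting a new report version means adding an entry to `PARSERS`; an unlisted type or version raises instead of producing an empty, passing test suite.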