Merge branch 'lower-execa' into 'master'

Lower severity of a vulnerability See merge request gitlab-org/gitlab!48572

Merge branch 'lower-execa' into 'master'
Lower severity of a vulnerability See merge request gitlab-org/gitlab!48572
0d9d4ce3 · Rémy Coutable · e5bcd361 · 46141ba2 · 0d9d4ce3
Commit 0d9d4ce3 authored Nov 30, 2020 by Rémy Coutable
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

.gitlab/ci/reports.gitlab-ci.yml .gitlab/ci/reports.gitlab-ci.yml +4 -0

No files found.
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -145,6 +145,10 @@ dependency_scanning:
        --volume "$PWD:/code" \
        --volume /var/run/docker.sock:/var/run/docker.sock \
        "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$DS_MAJOR_VERSION" /code
+    # Post-processing: This will be an after_script once this job will use the Dependency Scanning CI template
+    - apk add jq
+    # Lower execa severity based on https://gitlab.com/gitlab-org/gitlab/-/issues/223859#note_452922390
+    - jq '(.vulnerabilities[] | select (.cve == "yarn.lock:execa:gemnasium:05cfa2e8-2d0c-42c1-8894-638e2f12ff3d")).severity = "Medium"' gl-dependency-scanning-report.json > temp.json && mv temp.json gl-dependency-scanning-report.json
  artifacts:
    paths:
      - gl-dependency-scanning-report.json  # GitLab-specific