Remove elements from base json file

Use base file and remove elements for invalid data

ee/app/services/security/store_report_service.rb

@@ -17,6 +17,7 @@ module Security
     def execute
       # Ensure we're not trying to insert data twice for this report
       return error("#{@report.type} report already stored for this pipeline, skipping...") if executed?
+      raise ParseError, 'JSON parsing failed' if report.error.is_a?(Gitlab::Ci::Parsers::Security::Common::SecurityReportParserError)
 
       vulnerability_ids = create_all_vulnerabilities!
       mark_as_resolved_except(vulnerability_ids)

ee/spec/factories/ci/job_artifacts.rb

@@ -184,8 +184,12 @@ FactoryBot.define do
       file_format { :raw }
 
       after(:build) do |artifact, _|
-        artifact.file = fixture_file_upload(
-          Rails.root.join('ee/spec/fixtures/security_reports/master/gl-sast-missing-identifiers.json'), 'application/json')
+        file = fixture_file_upload(
+          Rails.root.join('ee/spec/fixtures/security_reports/master/gl-sast-report.json'), 'application/json')
+        data = Gitlab::Json.parse(file.tempfile.read)['vulnerabilities'].each { |v| v.delete('identifiers') }.to_json
+        output = Tempfile.new("gl-sast-missing-identifiers")
+        output.write(data)
+        artifact.file = fixture_file_upload(output.path, 'application/json')
       end
     end
 

ee/spec/services/security/store_report_service_spec.rb

@@ -205,14 +205,14 @@ RSpec.describe Security::StoreReportService, '#execute' do
     end
 
     context 'when the finding does not include a primary identifier' do
-      let(:bad_pipeline) { create(:ci_pipeline, project: project) }
-      let(:bad_build) { create(:ci_build, pipeline: bad_pipeline) }
-      let!(:bad_artifact) { create(:ee_ci_job_artifact, :sast_with_missing_identifiers, job: bad_build) }
+      let(:bad_project) { bad_artifact.project }
+      let(:bad_pipeline) { bad_artifact.job.pipeline }
+      let!(:bad_artifact) { create(:ee_ci_job_artifact, :sast_with_missing_identifiers) }
       let(:bad_report) { bad_pipeline.security_reports.get_report(report_type.to_s, bad_artifact) }
       let(:report_type) { :sast }
 
       before do
-        project.add_developer(user)
+        bad_project.add_developer(user)
         allow(bad_pipeline).to receive(:user).and_return(user)
       end