Lower severity of a vulnerability

46141ba2 · Philippe Lafoucrière · Rémy Coutable · c4a7dac3 · 46141ba2
Commit 46141ba2 authored Nov 30, 2020 by Philippe Lafoucrière Committed by Rémy Coutable Nov 30, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

.gitlab/ci/reports.gitlab-ci.yml .gitlab/ci/reports.gitlab-ci.yml +4 -0

No files found.
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -145,6 +145,10 @@ dependency_scanning:
        --volume "$PWD:/code" \
        --volume /var/run/docker.sock:/var/run/docker.sock \
        "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$DS_MAJOR_VERSION" /code
+    # Post-processing: This will be an after_script once this job will use the Dependency Scanning CI template
+    - apk add jq
+    # Lower execa severity based on https://gitlab.com/gitlab-org/gitlab/-/issues/223859#note_452922390
+    - jq '(.vulnerabilities[] | select (.cve == "yarn.lock:execa:gemnasium:05cfa2e8-2d0c-42c1-8894-638e2f12ff3d")).severity = "Medium"' gl-dependency-scanning-report.json > temp.json && mv temp.json gl-dependency-scanning-report.json
  artifacts:
    paths:
      - gl-dependency-scanning-report.json  # GitLab-specific