Commit 719697bd authored by Sean McGivern's avatar Sean McGivern

Merge branch '330713-rename-running-container-scanning-to-cluster-image-scanning' into 'master'

Rename report type Running Container Scanning to Cluster Image Scanning

See merge request gitlab-org/gitlab!64877
parents d4f4ad3b bc8bd571
# frozen_string_literal: true
class PlanLimits < ApplicationRecord
include IgnorableColumns
ignore_column :ci_max_artifact_size_running_container_scanning, remove_with: '14.3', remove_after: '2021-08-22'
LimitUndefinedError = Class.new(StandardError)
belongs_to :plan
......
# frozen_string_literal: true
class AddPlanLimitsMaxSizeClusterImageScanningColumn < ActiveRecord::Migration[6.0]
def change
add_column :plan_limits, :ci_max_artifact_size_cluster_image_scanning, :integer, null: false, default: 0
end
end
b37bf7db9c00c8f54c0ccca2d418f1279e12ff7e5b71347966494dc5645eb648
\ No newline at end of file
......@@ -16352,7 +16352,8 @@ CREATE TABLE plan_limits (
ci_registered_project_runners integer DEFAULT 1000 NOT NULL,
web_hook_calls integer DEFAULT 0 NOT NULL,
ci_daily_pipeline_schedule_triggers integer DEFAULT 0 NOT NULL,
ci_max_artifact_size_running_container_scanning integer DEFAULT 0 NOT NULL
ci_max_artifact_size_running_container_scanning integer DEFAULT 0 NOT NULL,
ci_max_artifact_size_cluster_image_scanning integer DEFAULT 0 NOT NULL
);
CREATE SEQUENCE plan_limits_id_seq
......@@ -426,6 +426,7 @@ setting is used:
| `ci_max_artifact_size_archive` | 0 |
| `ci_max_artifact_size_browser_performance` | 0 |
| `ci_max_artifact_size_cluster_applications` | 0 |
| `ci_max_artifact_size_cluster_image_scanning` | 0 |
| `ci_max_artifact_size_cobertura` | 0 |
| `ci_max_artifact_size_codequality` | 0 |
| `ci_max_artifact_size_container_scanning` | 0 |
......@@ -444,7 +445,6 @@ setting is used:
| `ci_max_artifact_size_network_referee` | 0 |
| `ci_max_artifact_size_performance` | 0 |
| `ci_max_artifact_size_requirements` | 0 |
| `ci_max_artifact_size_running_container_scanning` | 0 |
| `ci_max_artifact_size_sast` | 0 |
| `ci_max_artifact_size_secret_detection` | 0 |
| `ci_max_artifact_size_terraform` | 5 MB ([introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37018) in GitLab 13.3) |
......
......@@ -12627,11 +12627,11 @@ Represents summary of a security report.
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="securityreportsummaryapifuzzing"></a>`apiFuzzing` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `api_fuzzing` scan. |
| <a id="securityreportsummaryclusterimagescanning"></a>`clusterImageScanning` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `cluster_image_scanning` scan. |
| <a id="securityreportsummarycontainerscanning"></a>`containerScanning` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `container_scanning` scan. |
| <a id="securityreportsummarycoveragefuzzing"></a>`coverageFuzzing` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `coverage_fuzzing` scan. |
| <a id="securityreportsummarydast"></a>`dast` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `dast` scan. |
| <a id="securityreportsummarydependencyscanning"></a>`dependencyScanning` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `dependency_scanning` scan. |
| <a id="securityreportsummaryrunningcontainerscanning"></a>`runningContainerScanning` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `running_container_scanning` scan. |
| <a id="securityreportsummarysast"></a>`sast` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `sast` scan. |
| <a id="securityreportsummarysecretdetection"></a>`secretDetection` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `secret_detection` scan. |
......@@ -13486,7 +13486,7 @@ Represents a vulnerability.
| <a id="vulnerabilitynotes"></a>`notes` | [`NoteConnection!`](#noteconnection) | All notes on this noteable. (see [Connections](#connections)) |
| <a id="vulnerabilityprimaryidentifier"></a>`primaryIdentifier` | [`VulnerabilityIdentifier`](#vulnerabilityidentifier) | Primary identifier of the vulnerability. |
| <a id="vulnerabilityproject"></a>`project` | [`Project`](#project) | The project on which the vulnerability was found. |
| <a id="vulnerabilityreporttype"></a>`reportType` | [`VulnerabilityReportType`](#vulnerabilityreporttype) | Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION, COVERAGE_FUZZING, API_FUZZING, RUNNING_CONTAINER_SCANNING). `Scan Type` in the UI. |
| <a id="vulnerabilityreporttype"></a>`reportType` | [`VulnerabilityReportType`](#vulnerabilityreporttype) | Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION, COVERAGE_FUZZING, API_FUZZING, CLUSTER_IMAGE_SCANNING). `Scan Type` in the UI. |
| <a id="vulnerabilityresolvedat"></a>`resolvedAt` | [`Time`](#time) | Timestamp of when the vulnerability state was changed to resolved. |
| <a id="vulnerabilityresolvedby"></a>`resolvedBy` | [`UserCore`](#usercore) | The user that resolved the vulnerability. |
| <a id="vulnerabilityresolvedondefaultbranch"></a>`resolvedOnDefaultBranch` | [`Boolean!`](#boolean) | Indicates whether the vulnerability is fixed on the default branch or not. |
......@@ -15162,11 +15162,11 @@ The type of the security scan that found the vulnerability.
| Value | Description |
| ----- | ----------- |
| <a id="vulnerabilityreporttypeapi_fuzzing"></a>`API_FUZZING` | |
| <a id="vulnerabilityreporttypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | |
| <a id="vulnerabilityreporttypecontainer_scanning"></a>`CONTAINER_SCANNING` | |
| <a id="vulnerabilityreporttypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | |
| <a id="vulnerabilityreporttypedast"></a>`DAST` | |
| <a id="vulnerabilityreporttypedependency_scanning"></a>`DEPENDENCY_SCANNING` | |
| <a id="vulnerabilityreporttyperunning_container_scanning"></a>`RUNNING_CONTAINER_SCANNING` | |
| <a id="vulnerabilityreporttypesast"></a>`SAST` | |
| <a id="vulnerabilityreporttypesecret_detection"></a>`SECRET_DETECTION` | |
......
......@@ -17318,6 +17318,18 @@ Status: `data_available`
Tiers:
### `usage_activity_by_stage.secure.cluster_image_scanning_scans`
Counts cluster image scanning jobs
[YAML definition](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/config/metrics/counts_all/20210618124854_cluster_image_scanning_scans.yml)
Group: `group::container security`
Status: `implemented`
Tiers: `ultimate`
### `usage_activity_by_stage.secure.container_scanning_scans`
Counts container scanning jobs
......@@ -17366,18 +17378,6 @@ Status: `data_available`
Tiers: `ultimate`
### `usage_activity_by_stage.secure.running_container_scanning_scans`
Counts running container scanning jobs
[YAML definition](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/config/metrics/counts_all/20210618124854_running_container_scanning_scans.yml)
Group: `group::container security`
Status: `data_available`
Tiers: `ultimate`
### `usage_activity_by_stage.secure.sast_scans`
Counts sast jobs
......@@ -19394,6 +19394,30 @@ Status: `data_available`
Tiers: `free`
### `usage_activity_by_stage_monthly.secure.cluster_image_scanning_pipeline`
Pipelines containing a Cluster Image Scanning job
[YAML definition](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/config/metrics/counts_28d/20210618125224_cluster_image_scanning_pipeline.yml)
Group: `group::container security`
Status: `implemented`
Tiers: `ultimate`
### `usage_activity_by_stage_monthly.secure.cluster_image_scanning_scans`
Counts cluster image scanning jobs
[YAML definition](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/config/metrics/counts_28d/20210618101233_cluster_image_scanning_scans.yml)
Group: `group::container security`
Status: `implemented`
Tiers: `ultimate`
### `usage_activity_by_stage_monthly.secure.container_scanning_pipeline`
Pipelines containing a Container Scanning job
......@@ -19490,30 +19514,6 @@ Status: `data_available`
Tiers: `ultimate`
### `usage_activity_by_stage_monthly.secure.running_container_scanning_pipeline`
Pipelines containing a Running Container Scanning job
[YAML definition](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/config/metrics/counts_28d/20210618125224_running_container_scanning_pipeline.yml)
Group: `group::container security`
Status: `data_available`
Tiers: `ultimate`
### `usage_activity_by_stage_monthly.secure.running_container_scanning_scans`
Counts running container scanning jobs
[YAML definition](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/config/metrics/counts_28d/20210618101233_running_container_scanning_scans.yml)
Group: `group::container security`
Status: `data_available`
Tiers: `ultimate`
### `usage_activity_by_stage_monthly.secure.sast_pipeline`
Counts of Pipelines that have at least 1 SAST job
......
......@@ -11,7 +11,7 @@ module EE
dast: 3,
coverage_fuzzing: 5,
api_fuzzing: 6,
running_container_scanning: 7
cluster_image_scanning: 7
}.freeze
class_methods do
......
......@@ -24,7 +24,7 @@ module Security
secret_detection: 5,
coverage_fuzzing: 6,
api_fuzzing: 7,
running_container_scanning: 8
cluster_image_scanning: 8
}
scope :by_scan_types, -> (scan_types) { where(scan_type: scan_types) }
......
---
key_path: usage_activity_by_stage.secure.running_container_scanning_scans
description: 'Counts running container scanning jobs'
key_path: usage_activity_by_stage_monthly.secure.cluster_image_scanning_scans
description: 'Counts cluster image scanning jobs'
product_section: sec
product_stage: protect
product_group: group::container security
product_category: container_scanning
value_type: number
status: data_available
status: implemented
time_frame: all
data_source: database
data_category: Optional
......
---
key_path: usage_activity_by_stage_monthly.secure.running_container_scanning_pipeline
description: Pipelines containing a Running Container Scanning job
key_path: usage_activity_by_stage_monthly.secure.cluster_image_scanning_pipeline
description: Pipelines containing a Cluster Image Scanning job
product_section: sec
product_stage: protect
product_group: group::container security
product_category: container_scanning
value_type: number
status: data_available
status: implemented
time_frame: 28d
data_source: database
data_category: Optional
......
---
key_path: usage_activity_by_stage_monthly.secure.running_container_scanning_scans
description: 'Counts running container scanning jobs'
key_path: usage_activity_by_stage.secure.cluster_image_scanning_scans
description: 'Counts cluster image scanning jobs'
product_section: sec
product_stage: protect
product_group: group::container security
product_category: container_scanning
value_type: number
status: data_available
status: implemented
time_frame: all
data_source: database
data_category: Optional
......
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Report format for GitLab Running Container Scanning",
"description": "This schema provides the the report format for Running Container Scanning (https://docs.gitlab.com/ee/user/application_security/running_container_scanning).",
"title": "Report format for GitLab Cluster Image Scanning",
"description": "This schema provides the the report format for Cluster Image Scanning.",
"definitions": {
"detail_type": {
"oneOf": [
......
......@@ -18,7 +18,7 @@ RSpec.describe Resolvers::SecurityReportSummaryResolver do
dast: [:scanned_resources_count, :vulnerabilities_count, :scans],
sast: [:scanned_resources_count, :vulnerabilities_count],
container_scanning: [:scanned_resources_count, :vulnerabilities_count],
running_container_scanning: [:scanned_resources_count, :vulnerabilities_count],
cluster_image_scanning: [:scanned_resources_count, :vulnerabilities_count],
dependency_scanning: [:scanned_resources_count, :vulnerabilities_count],
coverage_fuzzing: [:scanned_resources_count, :vulnerabilities_count]
}
......
......@@ -6,7 +6,7 @@ RSpec.describe GitlabSchema.types['SecurityReportSummary'] do
specify { expect(described_class.graphql_name).to eq('SecurityReportSummary') }
it 'has specific fields' do
expected_fields = %w[dast sast containerScanning dependencyScanning runningContainerScanning]
expected_fields = %w[dast sast containerScanning dependencyScanning clusterImageScanning]
expect(described_class).to include_graphql_fields(*expected_fields)
end
......
......@@ -4,6 +4,6 @@ require 'spec_helper'
RSpec.describe GitlabSchema.types['VulnerabilityReportType'] do
it 'exposes all vulnerability report types' do
expect(described_class.values.keys).to match_array(%w[SAST SECRET_DETECTION DAST RUNNING_CONTAINER_SCANNING CONTAINER_SCANNING DEPENDENCY_SCANNING COVERAGE_FUZZING API_FUZZING])
expect(described_class.values.keys).to match_array(%w[SAST SECRET_DETECTION DAST CLUSTER_IMAGE_SCANNING CONTAINER_SCANNING DEPENDENCY_SCANNING COVERAGE_FUZZING API_FUZZING])
end
end
......@@ -6,7 +6,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
using RSpec::Parameterized::TableSyntax
where(:report_type, :expected_errors, :valid_data) do
:running_container_scanning | ['root is missing required keys: vulnerabilities'] | { 'version' => '10.0.0', 'vulnerabilities' => [] }
:cluster_image_scanning | ['root is missing required keys: vulnerabilities'] | { 'version' => '10.0.0', 'vulnerabilities' => [] }
:container_scanning | ['root is missing required keys: vulnerabilities'] | { 'version' => '10.0.0', 'vulnerabilities' => [] }
:coverage_fuzzing | ['root is missing required keys: vulnerabilities'] | { 'version' => '10.0.0', 'vulnerabilities' => [] }
:dast | ['root is missing required keys: vulnerabilities'] | { 'version' => '10.0.0', 'vulnerabilities' => [] }
......
......@@ -18,7 +18,7 @@ RSpec.describe Vulnerability do
secret_detection: 4,
coverage_fuzzing: 5,
api_fuzzing: 6,
running_container_scanning: 7 }
cluster_image_scanning: 7 }
end
let_it_be(:project) { create(:project) }
......
......@@ -185,7 +185,7 @@ RSpec.describe PlanLimits do
ci_max_artifact_size_junit
ci_max_artifact_size_sast
ci_max_artifact_size_dast
ci_max_artifact_size_running_container_scanning
ci_max_artifact_size_cluster_image_scanning
ci_max_artifact_size_codequality
ci_max_artifact_size_license_management
ci_max_artifact_size_performance
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment