@codejedi365/security-report-schemas v14.0.1


Schemas for GitLab security reports

This package maintains the schema definitions for the security reports emitted by GitLab security scanners. It defines the reports for:

The schemas are defined using JSON Schema. Any security scanner that integrates into GitLab must produce a JSON report that adheres to one of the above schemas.

More information about the how and why of the schemas can be found by watching the Security Report Format Brown Bag Session.

Schema Versioning

This package follows the SchemaVer standard MODEL.REVISION.ADDITION to version JSON schemas. The package version mirrors the current standard version for all schemas.

Handling Updates

Review the CHANGELOG to read through the latest changes in the schema definitions.

Additional Properties

Secure schemas allow for additional properties to be present in JSON files. This means that the schemas are only concerned with fields in a Secure Report that are defined by the schema. The presence of any additional fields will not cause validation to fail.

This is useful for products that produce Secure Reports:

  • Experimental fields can be added to a Secure Report, without affecting how the report is used.
  • It allows the product to be ahead of the Secure Report Format, when the product team is confident new fields will be merged into the schemas.

Any additional properties added to a Secure Report are considered experimental and may not be supported. For this reason, adding optional fields to the Secure Report Format is considered an ADDITION, not a REVISION change.
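To show what the additional-properties rule means in practice, here is an added example (not code from this package): a small checker for the subset of JSON Schema needed (`type`, `required`, `properties`, `additionalProperties`), run over a constructed report that carries an experimental field. The schema, the report and the `experimental_scan_id` field are illustrative assumptions, not the real GitLab report schema.

```javascript
// Added example, not the package's own code. Schema and report are constructed
// for illustration; they are not the real GitLab security report schema.
const REPORT_SCHEMA = {
  type: "object",
  required: ["version", "vulnerabilities"],
  properties: {
    version: { type: "string" },
    vulnerabilities: { type: "array" },
  },
  // additionalProperties is omitted, so JSON Schema defaults it to true:
  // unknown fields are tolerated, which is the behaviour described above.
};

// Validate a value against the JSON Schema subset used in REPORT_SCHEMA.
// Returns a list of error strings; an empty list means the document is valid.
function validate(schema, value, path = "$") {
  const errors = [];
  const actual = Array.isArray(value) ? "array" : typeof value;
  if (schema.type && schema.type !== actual) {
    errors.push(`${path}: expected ${schema.type}, got ${actual}`);
    return errors;
  }
  if (schema.type !== "object") return errors;
  for (const key of schema.required ?? []) {
    if (!(key in value)) errors.push(`${path}.${key}: required property missing`);
  }
  const props = schema.properties ?? {};
  for (const [key, sub] of Object.entries(props)) {
    if (key in value) errors.push(...validate(sub, value[key], `${path}.${key}`));
  }
  // Only an explicit additionalProperties: false rejects unknown keys.
  if (schema.additionalProperties === false) {
    for (const key of Object.keys(value)) {
      if (!(key in props)) errors.push(`${path}.${key}: additional property not allowed`);
    }
  }
  return errors;
}

// Constructed report with an experimental field the schema does not define.
const REPORT = { version: "14.0.1", vulnerabilities: [], experimental_scan_id: "x-42" };

// The same schema with additional properties forbidden, for comparison.
const STRICT_SCHEMA = { ...REPORT_SCHEMA, additionalProperties: false };

// Lenient schema: no errors. Strict schema: one error for the extra field.
function demo() {
  return { lenient: validate(REPORT_SCHEMA, REPORT), strict: validate(STRICT_SCHEMA, REPORT) };
}
```

A type mismatch on a defined field (for example a numeric `version`) is still reported under both schemas; only undefined fields are affected by the additional-properties setting.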

Bugs & Contributing

If you find a bug, please report it to our issues queue at gitlab.org/.../security-report-schemas/issues

If you want to help and extend the list of supported scanners, read the contribution guidelines at gitlab.org/.../security-report-schemas/CONTRIBUTING.md