Commit 19df21e0 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Mark projects as vulnerable

parent 621b221c
......@@ -6,20 +6,35 @@ module Security
class StoreReportsService < ::BaseService
def initialize(pipeline)
@pipeline = pipeline
@errors = []
end
def execute
errors = []
@pipeline.security_reports.reports.each do |report_type, report|
result = StoreReportService.new(@pipeline, report).execute
store_reports
mark_project_as_vulnerable
errors.any? ? error(full_errors) : success
end
private
attr_reader :pipeline, :errors
delegate :project, to: :pipeline, private: true
def store_reports
pipeline.security_reports.reports.each do |report_type, report|
result = StoreReportService.new(pipeline, report).execute
errors << result[:message] if result[:status] == :error
end
end
if errors.any?
error(errors.join(", "))
else
success
def mark_project_as_vulnerable
project.project_setting.update(has_vulnerabilities: true)
end
def full_errors
errors.join(", ")
end
end
end
......@@ -33,6 +33,10 @@ RSpec.describe Security::StoreReportsService do
subject
end
it 'marks the project as vulnerable' do
expect { subject }.to change { project.project_setting.has_vulnerabilities }.from(false).to(true)
end
context 'when StoreReportService returns an error for a report' do
let(:reports) { Gitlab::Ci::Reports::Security::Reports.new(pipeline) }
let(:sast_report) { reports.get_report('sast', sast_artifact) }
......
......@@ -683,6 +683,7 @@ ProjectCiCdSetting:
ProjectSetting:
- allow_merge_on_skipped_pipeline
- has_confluence
- has_vulnerabilities
ProtectedEnvironment:
- id
- project_id
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment