Remove outdated Container Scanning code

Since we now retrieve data from the Backend, we can remove the parsing
log from the Frontend. See:
https://gitlab.com/groups/gitlab-org/-/epics/1425

ee/app/assets/javascripts/vue_shared/security_reports/store/actions.js

@@ -50,11 +50,6 @@ export const setCanCreateFeedbackPermission = ({ commit }, permission) =>
 /**
  * SAST CONTAINER
  */
-export const setSastContainerHeadPath = ({ commit }, path) =>
-  commit(types.SET_SAST_CONTAINER_HEAD_PATH, path);
-
-export const setSastContainerBasePath = ({ commit }, path) =>
-  commit(types.SET_SAST_CONTAINER_BASE_PATH, path);
 
 export const setSastContainerDiffEndpoint = ({ commit }, path) =>
   commit(types.SET_SAST_CONTAINER_DIFF_ENDPOINT, path);
@@ -62,12 +57,6 @@ export const setSastContainerDiffEndpoint = ({ commit }, path) =>
 export const requestSastContainerReports = ({ commit }) =>
   commit(types.REQUEST_SAST_CONTAINER_REPORTS);
 
-export const receiveSastContainerReports = ({ commit }, response) =>
-  commit(types.RECEIVE_SAST_CONTAINER_REPORTS, response);
-
-export const receiveSastContainerError = ({ commit }, error) =>
-  commit(types.RECEIVE_SAST_CONTAINER_ERROR, error);
-
 export const receiveSastContainerDiffSuccess = ({ commit }, response) =>
   commit(types.RECEIVE_SAST_CONTAINER_DIFF_SUCCESS, response);
 
@@ -96,32 +85,6 @@ export const fetchSastContainerDiff = ({ state, dispatch }) => {
     });
 };
 
-export const fetchSastContainerReports = ({ state, dispatch }) => {
-  const { base, head } = state.sastContainer.paths;
-
-  dispatch('requestSastContainerReports');
-
-  return Promise.all([
-    head ? axios.get(head) : Promise.resolve(),
-    base ? axios.get(base) : Promise.resolve(),
-    axios.get(state.vulnerabilityFeedbackPath, {
-      params: {
-        category: 'container_scanning',
-      },
-    }),
-  ])
-    .then(values => {
-      dispatch('receiveSastContainerReports', {
-        head: values[0] ? values[0].data : null,
-        base: values[1] ? values[1].data : null,
-        enrichData: values && values[2] ? values[2].data : [],
-      });
-    })
-    .catch(() => {
-      dispatch('receiveSastContainerError');
-    });
-};
-
 export const updateContainerScanningIssue = ({ commit }, issue) =>
   commit(types.UPDATE_CONTAINER_SCANNING_ISSUE, issue);
 

ee/app/assets/javascripts/vue_shared/security_reports/store/mutation_types.js

@@ -14,12 +14,8 @@ export const SET_CAN_CREATE_ISSUE_PERMISSION = 'SET_CAN_CREATE_ISSUE_PERMISSION'
 export const SET_CAN_CREATE_FEEDBACK_PERMISSION = 'SET_CAN_CREATE_FEEDBACK_PERMISSION';
 
 // SAST CONTAINER
-export const SET_SAST_CONTAINER_HEAD_PATH = 'SET_SAST_CONTAINER_HEAD_PATH';
-export const SET_SAST_CONTAINER_BASE_PATH = 'SET_SAST_CONTAINER_BASE_PATH';
 export const SET_SAST_CONTAINER_DIFF_ENDPOINT = 'SET_SAST_CONTAINER_DIFF_ENDPOINT';
 export const REQUEST_SAST_CONTAINER_REPORTS = 'REQUEST_SAST_CONTAINER_REPORTS';
-export const RECEIVE_SAST_CONTAINER_REPORTS = 'RECEIVE_SAST_CONTAINER_REPORTS';
-export const RECEIVE_SAST_CONTAINER_ERROR = 'RECEIVE_SAST_CONTAINER_ERROR';
 export const RECEIVE_SAST_CONTAINER_DIFF_SUCCESS = 'RECEIVE_SAST_CONTAINER_DIFF_SUCCESS';
 export const RECEIVE_SAST_CONTAINER_DIFF_ERROR = 'RECEIVE_SAST_CONTAINER_DIFF_ERROR';
 

ee/app/assets/javascripts/vue_shared/security_reports/store/mutations.js

 import Vue from 'vue';
 import * as types from './mutation_types';
-import {
-  parseDependencyScanningIssues,
-  parseDastIssues,
-  getUnapprovedVulnerabilities,
-  findIssueIndex,
-  parseDiff,
-} from './utils';
+import { parseDependencyScanningIssues, parseDastIssues, findIssueIndex, parseDiff } from './utils';
 import filterByKey from './utils/filter_by_key';
 import getFileLocation from './utils/get_file_location';
-import { parseSastContainer } from './utils/container_scanning';
 import { visitUrl } from '~/lib/utils/url_utility';
 
 export default {
@@ -58,14 +51,6 @@ export default {
   },
 
   // SAST CONTAINER
-  [types.SET_SAST_CONTAINER_HEAD_PATH](state, path) {
-    Vue.set(state.sastContainer.paths, 'head', path);
-  },
-
-  [types.SET_SAST_CONTAINER_BASE_PATH](state, path) {
-    Vue.set(state.sastContainer.paths, 'base', path);
-  },
-
   [types.SET_SAST_CONTAINER_DIFF_ENDPOINT](state, path) {
     Vue.set(state.sastContainer.paths, 'diffEndpoint', path);
   },
@@ -74,38 +59,6 @@ export default {
     Vue.set(state.sastContainer, 'isLoading', true);
   },
 
-  /**
-   * For sast container we only render unapproved vulnerabilities.
-   */
-  [types.RECEIVE_SAST_CONTAINER_REPORTS](state, reports) {
-    if (reports.base && reports.head) {
-      const headIssues = getUnapprovedVulnerabilities(
-        parseSastContainer(reports.head.vulnerabilities, reports.enrichData, reports.head.image),
-        reports.head.unapproved,
-      );
-      const baseIssues = getUnapprovedVulnerabilities(
-        parseSastContainer(reports.base.vulnerabilities, reports.enrichData, reports.base.image),
-        reports.base.unapproved,
-      );
-      const filterKey = 'vulnerability';
-
-      const newIssues = filterByKey(headIssues, baseIssues, filterKey);
-      const resolvedIssues = filterByKey(baseIssues, headIssues, filterKey);
-
-      Vue.set(state.sastContainer, 'newIssues', newIssues);
-      Vue.set(state.sastContainer, 'resolvedIssues', resolvedIssues);
-      Vue.set(state.sastContainer, 'isLoading', false);
-    } else if (reports.head && !reports.base) {
-      const newIssues = getUnapprovedVulnerabilities(
-        parseSastContainer(reports.head.vulnerabilities, reports.enrichData, reports.head.image),
-        reports.head.unapproved,
-      );
-
-      Vue.set(state.sastContainer, 'newIssues', newIssues);
-      Vue.set(state.sastContainer, 'isLoading', false);
-    }
-  },
-
   [types.RECEIVE_SAST_CONTAINER_DIFF_SUCCESS](state, { diff, enrichData }) {
     const { added, fixed, existing } = parseDiff(diff, enrichData);
     const baseReportOutofDate = diff.base_report_out_of_date || false;
@@ -124,11 +77,6 @@ export default {
     Vue.set(state.sastContainer, 'hasError', true);
   },
 
-  [types.RECEIVE_SAST_CONTAINER_ERROR](state) {
-    Vue.set(state.sastContainer, 'isLoading', false);
-    Vue.set(state.sastContainer, 'hasError', true);
-  },
-
   // DAST
 
   [types.SET_DAST_HEAD_PATH](state, path) {

ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js

@@ -260,9 +260,6 @@ export const parseDastIssues = (sites = [], feedback = []) =>
     [],
   );
 
-export const getUnapprovedVulnerabilities = (issues = [], unapproved = []) =>
-  issues.filter(item => unapproved.find(el => el === item.vulnerability));
-
 export const groupedTextBuilder = ({
   reportType = '',
   paths = {},

ee/app/assets/javascripts/vue_shared/security_reports/store/utils/container_scanning.js

-import { SEVERITY_LEVELS } from 'ee/security_dashboard/store/constants';
-import sha1 from 'sha1';
-import _ from 'underscore';
-import { s__, sprintf } from '~/locale';
-import { enrichVulnerabilityWithFeedback } from '../utils';
-
-/*
-  Container scanning mapping utils
-  This file contains all functions for mapping container scanning vulnerabilities
-  to match the representation that we are building in the backend:
-
-  https://gitlab.com/gitlab-org/gitlab/blob/bbcd07475f0334/ee/lib/gitlab/ci/parsers/security/container_scanning.rb
-
-  All these function can hopefully be removed as soon as we retrieve the data from the backend.
- */
-
-export const formatContainerScanningDescription = ({
-  description,
-  namespace,
-  vulnerability,
-  featurename,
-  featureversion,
-}) => {
-  if (!_.isEmpty(description)) {
-    return description;
-  }
-
-  let generated;
-
-  if (featurename && featureversion) {
-    generated = `${featurename}:${featureversion}`;
-  } else if (featurename) {
-    generated = featurename;
-  } else {
-    generated = namespace;
-  }
-
-  return sprintf(s__('ciReport|%{namespace} is affected by %{vulnerability}.'), {
-    namespace: generated,
-    vulnerability,
-  });
-};
-
-export const formatContainerScanningMessage = ({ vulnerability, featurename }) => {
-  if (featurename) {
-    return sprintf(s__('ciReport|%{vulnerability} in %{featurename}'), {
-      vulnerability,
-      featurename,
-    });
-  }
-  return vulnerability;
-};
-
-export const formatContainerScanningSolution = ({ fixedby, featurename, featureversion }) => {
-  if (!_.isEmpty(fixedby)) {
-    if (!_.isEmpty(featurename)) {
-      if (!_.isEmpty(featureversion)) {
-        return sprintf(s__('ciReport|Upgrade %{name} from %{version} to %{fixed}.'), {
-          name: featurename,
-          version: featureversion,
-          fixed: fixedby,
-        });
-      }
-
-      return sprintf(s__('ciReport|Upgrade %{name} to %{fixed}.'), {
-        name: featurename,
-        fixed: fixedby,
-      });
-    }
-
-    return sprintf(s__('ciReport|Upgrade to %{fixed}.'), {
-      fixed: fixedby,
-    });
-  }
-
-  return null;
-};
-
-export const parseContainerScanningSeverity = severity => {
-  /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-  if (severity === 'Defcon1') {
-    return SEVERITY_LEVELS.critical;
-    /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-  } else if (severity === 'Negligible') {
-    return SEVERITY_LEVELS.low;
-  }
-  return severity;
-};
-
-/**
- * Parses Container Scanning results into a common format to allow to use the same Vue component.
- * Container Scanning report is currently the straight output from the underlying tool
- * (clair scanner) hence the formatting happening here.
- *
- * @param {Array} issues
- * @param {Array} feedback
- * @param {String} image name
- * @returns {Array}
- */
-export const parseSastContainer = (issues = [], feedback = [], image) =>
-  issues.map(issue => {
-    const message = formatContainerScanningMessage(issue);
-
-    /*
-     The following fields are copying the backend data structure, as can be found in:
-     https://gitlab.com/gitlab-org/gitlab/blob/f8f5724bb47712df0a618ae0a447b69a6ef47c0c/ee/lib/gitlab/ci/parsers/security/container_scanning.rb#L42-72
-     */
-    const parsed = {
-      category: 'container_scanning',
-      message,
-      description: formatContainerScanningDescription(issue),
-      cve: issue.vulnerability,
-      severity: parseContainerScanningSeverity(issue.severity),
-      confidence: SEVERITY_LEVELS.medium,
-      location: {
-        image,
-        operating_system: issue.namespace,
-      },
-      /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-      scanner: { id: 'clair', name: 'Clair' },
-      identifiers: [
-        {
-          type: 'CVE',
-          name: issue.vulnerability,
-          value: issue.vulnerability,
-          url: `https://cve.mitre.org/cgi-bin/cvename.cgi?name=${issue.vulnerability}`,
-        },
-      ],
-    };
-
-    const solution = formatContainerScanningSolution(issue);
-
-    if (solution) {
-      parsed.solution = solution;
-    }
-
-    if (issue.featurename) {
-      const dependency = {
-        package: {
-          name: issue.featurename,
-        },
-      };
-      if (issue.featureversion) {
-        dependency.version = issue.featureversion;
-      }
-      parsed.location.dependency = dependency;
-    }
-
-    if (issue.link) {
-      parsed.links = [{ url: issue.link }];
-    }
-
-    /*
-     The following properties are set only created in the frontend.
-     This is done for legacy reasons and they should be made obsolete,
-     before switching to the Backend implementation
-     */
-    const frontendOnly = {
-      project_fingerprint: sha1(issue.vulnerability),
-      title: message,
-      vulnerability: issue.vulnerability,
-    };
-
-    return {
-      ...parsed,
-      ...frontendOnly,
-      ...enrichVulnerabilityWithFeedback(frontendOnly, feedback),
-    };
-  });

ee/spec/frontend/vue_shared/security_reports/mock_data.js

-const libTiffCveFingerprint = 'e503c23a7776dd5e2c35ac63c8cce6b6468be9ba';
 const libTiffCveFingerprint2 = '29af456d1107381bc2511646e2ae488ddfe9a8ed';
 
 export const sastParsedIssues = [
@@ -472,143 +471,6 @@ export const parsedDependencyScanningBaseStore = [
   },
 ];
 
-export const parsedSastContainerBaseStore = [
-  {
-    category: 'container_scanning',
-    message: 'CVE-2014-8130',
-    description: 'debian:8 is affected by CVE-2014-8130.',
-    cve: 'CVE-2014-8130',
-    severity: 'Low',
-    confidence: 'Medium',
-    location: { image: 'registry.example.com/example/master:1234', operating_system: 'debian:8' },
-    scanner: { id: 'clair', name: 'Clair' },
-    identifiers: [
-      {
-        name: 'CVE-2014-8130',
-        type: 'CVE',
-        url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130',
-        value: 'CVE-2014-8130',
-      },
-    ],
-    project_fingerprint: 'e1f22cd89e3c306541d7c804b29255b5cc275d6d',
-    title: 'CVE-2014-8130',
-    vulnerability: 'CVE-2014-8130',
-  },
-];
-
-export const dockerReport = {
-  image: 'registry.example.com/example/master:1234',
-  unapproved: ['CVE-2017-12944', 'CVE-2017-16232'],
-  vulnerabilities: [
-    {
-      vulnerability: 'CVE-2017-12944',
-      namespace: 'debian:8',
-      severity: 'Medium',
-    },
-    {
-      vulnerability: 'CVE-2017-16232',
-      namespace: 'debian:8',
-      severity: 'Negligible',
-    },
-    {
-      vulnerability: 'CVE-2014-8130',
-      namespace: 'debian:8',
-      severity: 'Negligible',
-    },
-  ],
-};
-
-export const dockerBaseReport = {
-  image: 'registry.example.com/example/master:1234',
-  unapproved: ['CVE-2017-12944', 'CVE-2014-8130'],
-  vulnerabilities: [
-    {
-      vulnerability: 'CVE-2017-12944',
-      namespace: 'debian:8',
-      severity: 'Medium',
-    },
-    {
-      vulnerability: 'CVE-2017-16232',
-      namespace: 'debian:8',
-      severity: 'Negligible',
-    },
-    {
-      vulnerability: 'CVE-2014-8130',
-      namespace: 'debian:8',
-      severity: 'Negligible',
-    },
-  ],
-};
-
-export const dockerNewIssues = [
-  {
-    category: 'container_scanning',
-    message: 'CVE-2017-16232',
-    description: 'debian:8 is affected by CVE-2017-16232.',
-    cve: 'CVE-2017-16232',
-    severity: 'Low',
-    confidence: 'Medium',
-    location: { image: 'registry.example.com/example/master:1234', operating_system: 'debian:8' },
-    scanner: { id: 'clair', name: 'Clair' },
-    identifiers: [
-      {
-        type: 'CVE',
-        name: 'CVE-2017-16232',
-        value: 'CVE-2017-16232',
-        url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232',
-      },
-    ],
-    project_fingerprint: libTiffCveFingerprint,
-    title: 'CVE-2017-16232',
-    vulnerability: 'CVE-2017-16232',
-  },
-];
-
-export const dockerOnlyHeadParsed = [
-  {
-    category: 'container_scanning',
-    message: 'CVE-2017-12944',
-    description: 'debian:8 is affected by CVE-2017-12944.',
-    cve: 'CVE-2017-12944',
-    severity: 'Medium',
-    confidence: 'Medium',
-    location: { image: 'registry.example.com/example/master:1234', operating_system: 'debian:8' },
-    scanner: { id: 'clair', name: 'Clair' },
-    identifiers: [
-      {
-        type: 'CVE',
-        name: 'CVE-2017-12944',
-        value: 'CVE-2017-12944',
-        url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944',
-      },
-    ],
-    project_fingerprint: libTiffCveFingerprint2,
-    title: 'CVE-2017-12944',
-    vulnerability: 'CVE-2017-12944',
-  },
-  {
-    category: 'container_scanning',
-    message: 'CVE-2017-16232',
-    description: 'debian:8 is affected by CVE-2017-16232.',
-    cve: 'CVE-2017-16232',
-    severity: 'Low',
-    confidence: 'Medium',
-    location: { image: 'registry.example.com/example/master:1234', operating_system: 'debian:8' },
-    scanner: { id: 'clair', name: 'Clair' },
-    identifiers: [
-      {
-        type: 'CVE',
-        name: 'CVE-2017-16232',
-        value: 'CVE-2017-16232',
-        url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232',
-      },
-    ],
-    project_fingerprint: libTiffCveFingerprint,
-    title: 'CVE-2017-16232',
-    vulnerability: 'CVE-2017-16232',
-  },
-];
-
 export const dockerReportParsed = {
   unapproved: [
     {

ee/spec/frontend/vue_shared/security_reports/store/actions_spec.js

@@ -7,12 +7,7 @@ import {
   setPipelineId,
   setCanCreateIssuePermission,
   setCanCreateFeedbackPermission,
-  setSastContainerHeadPath,
-  setSastContainerBasePath,
   requestSastContainerReports,
-  receiveSastContainerReports,
-  receiveSastContainerError,
-  fetchSastContainerReports,
   setDastHeadPath,
   setDastBasePath,
   requestDastReports,
@@ -76,8 +71,6 @@ import {
   sastIssuesBase,
   dast,
   dastBase,
-  dockerReport,
-  dockerBaseReport,
   sastFeedbacks,
   dastFeedbacks,
   containerScanningFeedbacks,
@@ -252,42 +245,6 @@ describe('security reports actions', () => {
     });
   });
 
-  describe('setSastContainerHeadPath', () => {
-    it('should commit set head blob path', done => {
-      testAction(
-        setSastContainerHeadPath,
-        'path',
-        mockedState,
-        [
-          {
-            type: types.SET_SAST_CONTAINER_HEAD_PATH,
-            payload: 'path',
-          },
-        ],
-        [],
-        done,
-      );
-    });
-  });
-
-  describe('setSastContainerBasePath', () => {
-    it('should commit set head blob path', done => {
-      testAction(
-        setSastContainerBasePath,
-        'path',
-        mockedState,
-        [
-          {
-            type: types.SET_SAST_CONTAINER_BASE_PATH,
-            payload: 'path',
-          },
-        ],
-        [],
-        done,
-      );
-    });
-  });
-
   describe('requestSastContainerReports', () => {
     it('should commit request mutation', done => {
       testAction(
@@ -305,162 +262,6 @@ describe('security reports actions', () => {
     });
   });
 
-  describe('receiveSastContainerReports', () => {
-    it('should commit sast receive mutation', done => {
-      testAction(
-        receiveSastContainerReports,
-        {},
-        mockedState,
-        [
-          {
-            type: types.RECEIVE_SAST_CONTAINER_REPORTS,
-            payload: {},
-          },
-        ],
-        [],
-        done,
-      );
-    });
-  });
-
-  describe('receiveSastContainerError', () => {
-    it('should commit sast error mutation', done => {
-      const error = new Error('test');
-
-      testAction(
-        receiveSastContainerError,
-        error,
-        mockedState,
-        [
-          {
-            type: types.RECEIVE_SAST_CONTAINER_ERROR,
-            payload: error,
-          },
-        ],
-        [],
-        done,
-      );
-    });
-  });
-
-  describe('fetchSastContainerReports', () => {
-    describe('with head and base', () => {
-      it('should dispatch `receiveSastContainerReports`', done => {
-        mock.onGet('foo').reply(200, dockerReport);
-        mock.onGet('bar').reply(200, dockerBaseReport);
-        mock
-          .onGet('vulnerabilities_path', {
-            params: {
-              category: 'container_scanning',
-            },
-          })
-          .reply(200, containerScanningFeedbacks);
-
-        mockedState.vulnerabilityFeedbackPath = 'vulnerabilities_path';
-        mockedState.sastContainer.paths.head = 'foo';
-        mockedState.sastContainer.paths.base = 'bar';
-
-        testAction(
-          fetchSastContainerReports,
-          null,
-          mockedState,
-          [],
-          [
-            {
-              type: 'requestSastContainerReports',
-            },
-            {
-              type: 'receiveSastContainerReports',
-              payload: {
-                head: dockerReport,
-                base: dockerBaseReport,
-                enrichData: containerScanningFeedbacks,
-              },
-            },
-          ],
-          done,
-        );
-      });
-
-      it('should dispatch `receiveSastContainerError`', done => {
-        mock.onGet('foo').reply(500, {});
-        mockedState.sastContainer.paths.head = 'foo';
-        mockedState.sastContainer.paths.base = 'bar';
-
-        testAction(
-          fetchSastContainerReports,
-          null,
-          mockedState,
-          [],
-          [
-            {
-              type: 'requestSastContainerReports',
-            },
-            {
-              type: 'receiveSastContainerError',
-            },
-          ],
-          done,
-        );
-      });
-    });
-
-    describe('with head', () => {
-      it('should dispatch `receiveSastContainerReports`', done => {
-        mock.onGet('foo').reply(200, dockerReport);
-        mock
-          .onGet('vulnerabilities_path', {
-            params: {
-              category: 'container_scanning',
-            },
-          })
-          .reply(200, containerScanningFeedbacks);
-
-        mockedState.vulnerabilityFeedbackPath = 'vulnerabilities_path';
-
-        mockedState.sastContainer.paths.head = 'foo';
-
-        testAction(
-          fetchSastContainerReports,
-          null,
-          mockedState,
-          [],
-          [
-            {
-              type: 'requestSastContainerReports',
-            },
-            {
-              type: 'receiveSastContainerReports',
-              payload: { head: dockerReport, base: null, enrichData: containerScanningFeedbacks },
-            },
-          ],
-          done,
-        );
-      });
-
-      it('should dispatch `receiveSastContainerError`', done => {
-        mock.onGet('foo').reply(500, {});
-        mockedState.sastContainer.paths.head = 'foo';
-
-        testAction(
-          fetchSastContainerReports,
-          null,
-          mockedState,
-          [],
-          [
-            {
-              type: 'requestSastContainerReports',
-            },
-            {
-              type: 'receiveSastContainerError',
-            },
-          ],
-          done,
-        );
-      });
-    });
-  });
-
   describe('setDastHeadPath', () => {
     it('should commit set head blob path', done => {
       testAction(

ee/spec/frontend/vue_shared/security_reports/store/mutations_spec.js

@@ -7,11 +7,7 @@ import {
   parsedDependencyScanningIssuesHead,
   parsedDependencyScanningBaseStore,
   parsedDependencyScanningIssuesStore,
-  parsedSastContainerBaseStore,
-  dockerReport,
-  dockerBaseReport,
-  dockerNewIssues,
-  dockerOnlyHeadParsed,
+  mockFindings,
   dast,
   dastBase,
   parsedDastNewIssues,
@@ -86,22 +82,6 @@ describe('security reports mutations', () => {
     });
   });
 
-  describe('SET_SAST_CONTAINER_HEAD_PATH', () => {
-    it('should set sast container head path', () => {
-      mutations[types.SET_SAST_CONTAINER_HEAD_PATH](stateCopy, 'head_path');
-
-      expect(stateCopy.sastContainer.paths.head).toEqual('head_path');
-    });
-  });
-
-  describe('SET_SAST_CONTAINER_BASE_PATH', () => {
-    it('should set sast container base path', () => {
-      mutations[types.SET_SAST_CONTAINER_BASE_PATH](stateCopy, 'base_path');
-
-      expect(stateCopy.sastContainer.paths.base).toEqual('base_path');
-    });
-  });
-
   describe('REQUEST_SAST_CONTAINER_REPORTS', () => {
     it('should set sast container loading flag to true', () => {
       mutations[types.REQUEST_SAST_CONTAINER_REPORTS](stateCopy);
@@ -110,41 +90,6 @@ describe('security reports mutations', () => {
     });
   });
 
-  describe('RECEIVE_SAST_CONTAINER_REPORTS', () => {
-    describe('with head and base', () => {
-      it('should set new and resolved issues', () => {
-        mutations[types.RECEIVE_SAST_CONTAINER_REPORTS](stateCopy, {
-          head: dockerReport,
-          base: dockerBaseReport,
-        });
-
-        expect(stateCopy.sastContainer.isLoading).toEqual(false);
-        expect(stateCopy.sastContainer.newIssues).toEqual(dockerNewIssues);
-        expect(stateCopy.sastContainer.resolvedIssues).toEqual(parsedSastContainerBaseStore);
-      });
-    });
-
-    describe('with head', () => {
-      it('should set new issues', () => {
-        mutations[types.RECEIVE_SAST_CONTAINER_REPORTS](stateCopy, {
-          head: dockerReport,
-        });
-
-        expect(stateCopy.sastContainer.isLoading).toEqual(false);
-        expect(stateCopy.sastContainer.newIssues).toEqual(dockerOnlyHeadParsed);
-      });
-    });
-  });
-
-  describe('RECEIVE_SAST_CONTAINER_ERROR', () => {
-    it('should set sast container loading flag to false and error flag to true', () => {
-      mutations[types.RECEIVE_SAST_CONTAINER_ERROR](stateCopy);
-
-      expect(stateCopy.sastContainer.isLoading).toEqual(false);
-      expect(stateCopy.sastContainer.hasError).toEqual(true);
-    });
-  });
-
   describe('SET_DAST_HEAD_PATH', () => {
     it('should set dast head path', () => {
       mutations[types.SET_DAST_HEAD_PATH](stateCopy, 'head_path');
@@ -742,10 +687,10 @@ describe('security reports mutations', () => {
 
   describe('UPDATE_CONTAINER_SCANNING_ISSUE', () => {
     it('updates issue in the new issues list', () => {
-      stateCopy.sastContainer.newIssues = dockerNewIssues;
+      stateCopy.sastContainer.newIssues = mockFindings;
       stateCopy.sastContainer.resolvedIssues = [];
       const updatedIssue = {
-        ...dockerNewIssues[0],
+        ...mockFindings[0],
         foo: 'bar',
       };
 
@@ -756,9 +701,9 @@ describe('security reports mutations', () => {
 
     it('updates issue in the resolved issues list', () => {
       stateCopy.sastContainer.newIssues = [];
-      stateCopy.sastContainer.resolvedIssues = dockerNewIssues;
+      stateCopy.sastContainer.resolvedIssues = mockFindings;
       const updatedIssue = {
-        ...dockerNewIssues[0],
+        ...mockFindings[0],
         foo: 'bar',
       };
 

ee/spec/frontend/vue_shared/security_reports/store/utils_spec.js

@@ -6,7 +6,6 @@ import {
   parseDependencyScanningIssues,
   getDastSites,
   parseDastIssues,
-  getUnapprovedVulnerabilities,
   groupedTextBuilder,
   statusIcon,
   countIssues,
@@ -14,14 +13,6 @@ import {
 } from 'ee/vue_shared/security_reports/store/utils';
 import filterByKey from 'ee/vue_shared/security_reports/store/utils/filter_by_key';
 import getFileLocation from 'ee/vue_shared/security_reports/store/utils/get_file_location';
-import {
-  formatContainerScanningDescription,
-  formatContainerScanningMessage,
-  formatContainerScanningSolution,
-  parseContainerScanningSeverity,
-  parseSastContainer,
-} from 'ee/vue_shared/security_reports/store/utils/container_scanning';
-import { SEVERITY_LEVELS } from 'ee/security_dashboard/store/constants';
 import {
   oldSastIssues,
   sastIssues,
@@ -31,8 +22,6 @@ import {
   dependencyScanningIssues,
   dependencyScanningIssuesMajor2,
   dependencyScanningFeedbacks,
-  dockerReport,
-  containerScanningFeedbacks,
   dast,
   multiSitesDast,
   dastFeedbacks,
@@ -228,118 +217,6 @@ describe('security reports utils', () => {
     });
   });
 
-  describe('container scanning utils', () => {
-    describe('formatContainerScanningSolution', () => {
-      it('should return false if there is no data', () => {
-        expect(formatContainerScanningSolution({})).toBe(null);
-      });
-
-      it('should return the correct sentence', () => {
-        expect(formatContainerScanningSolution({ fixedby: 'v9000' })).toBe('Upgrade to v9000.');
-        expect(
-          formatContainerScanningSolution({ fixedby: 'v9000', featurename: 'Dependency' }),
-        ).toBe('Upgrade Dependency to v9000.');
-
-        expect(
-          formatContainerScanningSolution({
-            fixedby: 'v9000',
-            featurename: 'Dependency',
-            featureversion: '1.0-beta',
-          }),
-        ).toBe('Upgrade Dependency from 1.0-beta to v9000.');
-      });
-    });
-
-    describe('formatContainerScanningMessage', () => {
-      it('should return concatenated message if vulnerability and featurename are provided', () => {
-        expect(
-          formatContainerScanningMessage({ vulnerability: 'CVE-124', featurename: 'grep' }),
-        ).toBe('CVE-124 in grep');
-      });
-
-      it('should return vulnerability if only that is provided', () => {
-        expect(formatContainerScanningMessage({ vulnerability: 'Foo' })).toBe('Foo');
-      });
-    });
-
-    describe('formatContainerScanningDescription', () => {
-      it('should return description', () => {
-        expect(formatContainerScanningDescription({ description: 'Foobar' })).toBe('Foobar');
-      });
-
-      it('should build description from available fields', () => {
-        const featurename = 'Dependency';
-        const featureversion = '1.0';
-        const namespace = 'debian:8';
-        const vulnerability = 'CVE-123';
-
-        expect(
-          formatContainerScanningDescription({
-            featurename,
-            featureversion,
-            namespace,
-            vulnerability,
-          }),
-        ).toBe('Dependency:1.0 is affected by CVE-123.');
-
-        expect(formatContainerScanningDescription({ featurename, namespace, vulnerability })).toBe(
-          'Dependency is affected by CVE-123.',
-        );
-
-        expect(formatContainerScanningDescription({ namespace, vulnerability })).toBe(
-          'debian:8 is affected by CVE-123.',
-        );
-      });
-    });
-
-    describe('parseContainerScanningSeverity', () => {
-      it('should return `Critical` for `Defcon1`', () => {
-        expect(parseContainerScanningSeverity('Defcon1')).toBe(SEVERITY_LEVELS.critical);
-      });
-
-      it('should return `Low` for `Negligible`', () => {
-        expect(parseContainerScanningSeverity('Negligible')).toBe('Low');
-      });
-
-      it('should not touch other severities', () => {
-        expect(parseContainerScanningSeverity('oxofrmbl')).toBe('oxofrmbl');
-        expect(parseContainerScanningSeverity('Medium')).toBe('Medium');
-        expect(parseContainerScanningSeverity('High')).toBe('High');
-      });
-    });
-  });
-
-  describe('parseSastContainer', () => {
-    it('parses sast container issues', () => {
-      const parsed = parseSastContainer(dockerReport.vulnerabilities)[0];
-      const issue = dockerReport.vulnerabilities[0];
-
-      expect(parsed.title).toEqual(issue.vulnerability);
-      expect(parsed.identifiers).toEqual([
-        {
-          type: 'CVE',
-          name: issue.vulnerability,
-          value: issue.vulnerability,
-          url: `https://cve.mitre.org/cgi-bin/cvename.cgi?name=${issue.vulnerability}`,
-        },
-      ]);
-
-      expect(parsed.project_fingerprint).toEqual(sha1(issue.vulnerability));
-    });
-
-    it('includes vulnerability feedbacks', () => {
-      const parsed = parseSastContainer(
-        dockerReport.vulnerabilities,
-        containerScanningFeedbacks,
-      )[0];
-
-      expect(parsed.hasIssue).toEqual(true);
-      expect(parsed.isDismissed).toEqual(true);
-      expect(parsed.dismissalFeedback).toEqual(containerScanningFeedbacks[0]);
-      expect(parsed.issue_feedback).toEqual(containerScanningFeedbacks[1]);
-    });
-  });
-
   describe('getDastSites', () => {
     it.each([{}, 'site', 1, undefined])('wraps non-array argument %p into an array', arg => {
       expect(getDastSites(arg)).toEqual([arg]);
@@ -412,19 +289,6 @@ describe('security reports utils', () => {
     });
   });
 
-  describe('getUnapprovedVulnerabilities', () => {
-    it('return unapproved vulnerabilities', () => {
-      const unapproved = getUnapprovedVulnerabilities(
-        dockerReport.vulnerabilities,
-        dockerReport.unapproved,
-      );
-
-      expect(unapproved.length).toEqual(dockerReport.unapproved.length);
-      expect(unapproved[0].vulnerability).toEqual(dockerReport.unapproved[0]);
-      expect(unapproved[1].vulnerability).toEqual(dockerReport.unapproved[1]);
-    });
-  });
-
   describe('textBuilder', () => {
     describe('with only the head', () => {
       const paths = { head: 'foo' };

ee/spec/javascripts/vue_shared/security_reports/mock_data.js

@@ -4,20 +4,9 @@ import * as mockData from '../../../frontend/vue_shared/security_reports/mock_da
 // https://gitlab.com/gitlab-org/gitlab/merge_requests/10466#note_156218753
 
 export const {
-  containerScanningFeedbacks,
-  dast,
-  dastBase,
-  dastFeedbacks,
-  dependencyScanningFeedbacks,
-  dockerBaseReport,
-  dockerReport,
   dockerReportParsed,
   parsedDast,
-  sastFeedbacks,
-  sastIssues,
-  sastIssuesBase,
   sastParsedIssues,
-  mockFindings,
   sastDiffSuccessMock,
   dastDiffSuccessMock,
   containerScanningDiffSuccessMock,

locale/gitlab.pot

@@ -22014,9 +22014,6 @@ msgstr ""
 msgid "ciReport|%{linkStartTag}Learn more about codequality reports %{linkEndTag}"
 msgstr ""
 
-msgid "ciReport|%{namespace} is affected by %{vulnerability}."
-msgstr ""
-
 msgid "ciReport|%{remainingPackagesCount} more"
 msgstr ""
 
@@ -22075,9 +22072,6 @@ msgstr ""
 msgid "ciReport|%{reportType}: Loading resulted in an error"
 msgstr ""
 
-msgid "ciReport|%{vulnerability} in %{featurename}"
-msgstr ""
-
 msgid "ciReport|(errors when loading results)"
 msgstr ""
 
@@ -22234,15 +22228,6 @@ msgstr ""
 msgid "ciReport|There was an error reverting the dismissal. Please try again."
 msgstr ""
 
-msgid "ciReport|Upgrade %{name} from %{version} to %{fixed}."
-msgstr ""
-
-msgid "ciReport|Upgrade %{name} to %{fixed}."
-msgstr ""
-
-msgid "ciReport|Upgrade to %{fixed}."
-msgstr ""
-
 msgid "ciReport|Used by %{packagesString}"
 msgid_plural "ciReport|Used by %{packagesString}, and %{lastPackage}"
 msgstr[0] ""