Generate sha1 fingerprint from message when cve is empty for vulnerability feedback

ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js

@@ -79,7 +79,7 @@ export const parseDependencyScanningIssues = (issues = [], feedbacks = [], path
       ...issue,
       category: 'dependency_scanning',
       // TODO: replace with issue.project_fingerprint
-      project_fingerprint: sha1(issue.cve),
+      project_fingerprint: sha1(issue.cve || issue.message),
       name: issue.message,
       path: issue.file,
       urlPath: issue.line ? `${path}/${issue.file}#L${issue.line}` : `${path}/${issue.file}`,

spec/javascripts/vue_shared/security_reports/store/utils_spec.js

@@ -80,6 +80,15 @@ describe('security reports utils', () => {
       expect(parsed.project_fingerprint).toEqual(sha1(dependencyScanningIssues[0].cve));
     });
 
+    it('uses message to generate sha1 when cve is undefined', () => {
+      const issuesWithoutCve = dependencyScanningIssues.map(issue => ({
+        ...issue,
+        cve: undefined,
+      }));
+      const parsed = parseDependencyScanningIssues(issuesWithoutCve, [], 'path')[0];
+      expect(parsed.project_fingerprint).toEqual(sha1(dependencyScanningIssues[0].message));
+    });
+
     it('includes vulnerability feedbacks', () => {
       const parsed = parseDependencyScanningIssues(
         dependencyScanningIssues,