I am using a third-party SAST tool to export its findings into the gl-sast-report.json format. The issue I am having is that the findings from the report do show up in the Security tab of the pipeline. However, it shows “[IngestionError] Ingestion failed for some vulnerabilities” But all of the findings are visible from the report.
My issue is that all classes of category High findings are not visible in the project’s Vulnerability Report. I can see those High findings within the pipeline, but they never make it to the Vulnerability Report view. It would be odd that it is the ingestion error where it can ingest it for the security tab in the pipeline view but cannot be synced with the Vulnerability Report. All other category of findings are porting to the Vulnerability Report as expected.
Additionally I have validated the report against the GitLab SAST JSON Schema and there are no issues there.
How can I troubleshoot this issue?