I’m building a Vulnerability Report for a custom dependency scanner. First, I’m just trying to get the JSON built correctly and testing numerous values. I’ve got a very simple pipeline created (below) and all that does is grab some JSON that’s in the correct format for the report (just a cURL to a publicly hosted Gist.) Everything works correctly, and I’m able to get the Vulnerability Report to surface results, but the challenge I’m facing is when I update the JSON with new values, change the URL with the correct commit idea for the Gist, and re-run the pipeline, it doesn’t update the report with the new values. For example, I’ll change the “Description” and the “Solution” but they don’t update in the Vulnerability Report? Any ideas?
image: openjdk:8-jdk
when: manual
script:
- curl https://gist.githubusercontent.com/my-public-gist/raw/commit-uuid/gl-dependency-report-sample.json -o gl-dependency-scanning-report.json
artifacts:
paths:
- gl-dependency-scanning-report.json
reports:
dependency_scanning:
- gl-dependency-scanning-report.json