1 files changed, 29 insertions, 18 deletions

diff --git a/lib/gitlab/ci/parsers/security/common.rb b/lib/gitlab/ci/parsers/security/common.rb
index 7baae2f53d7..13a159f3745 100644
--- a/lib/gitlab/ci/parsers/security/common.rb
+++ b/lib/gitlab/ci/parsers/security/common.rb
@@ -14,6 +14,7 @@ module Gitlab
           def initialize(json_data, report, vulnerability_finding_signatures_enabled = false, validate: false)
             @json_data = json_data
             @report = report
+            @project = report.project
             @validate = validate
             @vulnerability_finding_signatures_enabled = vulnerability_finding_signatures_enabled
           end
@@ -43,31 +44,41 @@ module Gitlab
           attr_reader :json_data, :report, :validate
 
           def valid?
-            if Feature.enabled?(:show_report_validation_warnings, default_enabled: :yaml)
-              # We want validation to happen regardless of VALIDATE_SCHEMA CI variable
+            # We want validation to happen regardless of VALIDATE_SCHEMA
+            # CI variable.
+            #
+            # Previously it controlled BOTH validation and enforcement of
+            # schema validation result.
+            #
+            # After 15.0 we will enforce schema validation by default
+            # See: https://gitlab.com/groups/gitlab-org/-/epics/6968
+            schema_validator.deprecation_warnings.each { |deprecation_warning| report.add_warning('Schema', deprecation_warning) }
+
+            if validate
               schema_validation_passed = schema_validator.valid?
 
-              if validate
-                schema_validator.errors.each { |error| report.add_error('Schema', error) } unless schema_validation_passed
-
-                schema_validation_passed
-              else
-                # We treat all schema validation errors as warnings
-                schema_validator.errors.each { |error| report.add_warning('Schema', error) }
+              # Validation warnings are errors
+              schema_validator.errors.each { |error| report.add_error('Schema', error) }
+              schema_validator.warnings.each { |warning| report.add_error('Schema', warning) }
 
-                true
-              end
+              schema_validation_passed
             else
-              return true if !validate || schema_validator.valid?
+              # Validation warnings are warnings
+              schema_validator.errors.each { |error| report.add_warning('Schema', error) }
+              schema_validator.warnings.each { |warning| report.add_warning('Schema', warning) }
 
-              schema_validator.errors.each { |error| report.add_error('Schema', error) }
-
-              false
+              true
             end
           end
 
           def schema_validator
-            @schema_validator ||= ::Gitlab::Ci::Parsers::Security::Validators::SchemaValidator.new(report.type, report_data, report.version)
+            @schema_validator ||= ::Gitlab::Ci::Parsers::Security::Validators::SchemaValidator.new(
+              report.type,
+              report_data,
+              report.version,
+              project: @project,
+              scanner: top_level_scanner
+            )
           end
 
           def report_data
@@ -137,7 +148,7 @@ module Gitlab
                 metadata_version: report_version,
                 details: data['details'] || {},
                 signatures: signatures,
-                project_id: report.project_id,
+                project_id: @project.id,
                 vulnerability_finding_signatures_enabled: @vulnerability_finding_signatures_enabled))
           end
 
@@ -280,7 +291,7 @@ module Gitlab
               report_type: report.type,
               primary_identifier_fingerprint: primary_identifier&.fingerprint,
               location_fingerprint: location_fingerprint,
-              project_id: report.project_id
+              project_id: @project.id
             }
 
             if uuid_v5_name_components.values.any?(&:nil?)