Fix duplicates in VAT for Anchore CVEs

Current Behavior

The VAT team discovered that duplicate CVEs were being pushed to the VAT because of duplicates existing in the anchore _security.csv. We discovered that the duplicates were returned by Anchore, due to the fix field being sorted differently for the same CVE/package/package_path.

Live Example

https://repo1.dso.mil/dsop/atlassian/confluence-data-center/confluence-node/-/jobs/1838883

Expected Behavior

Duplicate CVE objects should not be pushed to the VAT.

Possible Solution

To resolve this, we're sorting the fix list and checking that the CVE object isn't already in the cves list before adding it.

Relevant Pipeline Run: https://repo1.dso.mil/dsop/atlassian/confluence-data-center/confluence-node/-/pipelines/158307

Relevant MR: !399 (merged)

Edited by Kenneth Maguire
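The approach described under "Possible Solution", sketched as an added example (not the code from the merge request): it assumes each finding is a dict with `cve`, `package`, `package_path` and a comma-separated `fix` string, and the function names and sample rows are constructed for illustration.

```python
from __future__ import annotations
from typing import Iterable


def normalize_fix(fix: str) -> str:
    """Put the fix versions in one canonical order.

    Assumes "fix" is a comma-separated string. A plain lexical sort is enough
    here: the goal is a stable ordering for comparison, not version ranking.
    """
    parts = {p.strip() for p in fix.split(",") if p.strip()}
    return ",".join(sorted(parts))


def dedupe_findings(rows: Iterable[dict]) -> list[dict]:
    """Return findings with the fix field sorted and exact duplicates dropped."""
    cves: list[dict] = []
    seen: set[tuple] = set()  # set lookup instead of scanning the cves list
    for row in rows:
        # Copy the row so the caller's data is left untouched.
        finding = dict(row, fix=normalize_fix(row.get("fix", "")))
        key = (finding["cve"], finding["package"],
               finding["package_path"], finding["fix"])
        if key in seen:
            continue  # same finding, only the fix ordering differed
        seen.add(key)
        cves.append(finding)
    return cves


# Constructed sample rows (placeholder CVE ids, packages and paths).
SAMPLE_ROWS = [
    {"cve": "CVE-0000-0001", "package": "examplelib-1.0",
     "package_path": "/opt/app/lib/examplelib.jar", "fix": "1.0.2,1.0.1"},
    {"cve": "CVE-0000-0001", "package": "examplelib-1.0",
     "package_path": "/opt/app/lib/examplelib.jar", "fix": "1.0.1,1.0.2"},
    # Same CVE and package at a different path is a distinct finding.
    {"cve": "CVE-0000-0001", "package": "examplelib-1.0",
     "package_path": "/opt/app/plugins/examplelib.jar", "fix": "1.0.1,1.0.2"},
    {"cve": "CVE-0000-0002", "package": "otherlib-2.3",
     "package_path": "pkgdb", "fix": "None"},
]

if __name__ == "__main__":
    for f in dedupe_findings(SAMPLE_ROWS):
        print(f["cve"], f["package_path"], f["fix"])
```

Findings that share a CVE and package but sit at different paths are kept, since only rows identical after fix normalization count as duplicates.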