Populate gitlab security report with alerts for full scans

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>

Author: lelia

docs/cli-reference.md

@@ -702,15 +702,22 @@ All alert types are included in the GitLab report if they're marked as `error` o
 
 ### Report Schema
 
-Socket CLI generates reports compliant with [GitLab Dependency Scanning schema version 15.0.0](https://docs.gitlab.com/ee/development/integrations/secure.html). The reports include:
+Socket CLI generates reports compliant with [GitLab Dependency Scanning schema version 15.0.0](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/v15.0.0/dist/dependency-scanning-report-format.json). The reports include:
 
-- **Scan metadata**: Analyzer and scanner information
+- **Scan metadata**: Analyzer and scanner information with ISO 8601 timestamps
 - **Vulnerabilities**: Detailed vulnerability data with:
   - Unique deterministic UUIDs for tracking
   - Package location and dependency information
   - Severity levels mapped from Socket's analysis
   - Socket-specific alert types and CVE identifiers
   - Links to Socket.dev for detailed analysis
+- **Dependency files**: Manifest files and their dependencies discovered during the scan
+
+**Schema compatibility:** The v15.0.0 schema is supported across all GitLab versions 12.0+ (both self-hosted and cloud). The report includes the `dependency_files` field, which is required by v15.0.0 and accepted as an optional extra by newer schema versions, ensuring maximum compatibility across GitLab instances.
+
+### Performance Notes
+
+When `--enable-gitlab-security` (or `--enable-json` / `--enable-sarif`) is used with a full scan (non-diff mode), the CLI fetches package and alert data from the scan results to populate the report. This adds time proportional to the number of packages in the scan. Without these output flags, no additional data is fetched and scan performance is unchanged.
 
 ### Requirements
 
@@ -726,7 +733,8 @@ Socket CLI generates reports compliant with [GitLab Dependency Scanning schema v
 - Ensure the report file follows the correct schema format
 
 **Empty vulnerabilities array:**
-- This is normal if no new security issues were detected
+- This is normal if no new security issues were detected in diff mode
+- For full scans, ensure you are using `--enable-gitlab-security` so alert data is fetched
 - Check Socket.dev dashboard for full analysis details
 
 ## Development

socketsecurity/core/__init__.py

@@ -659,9 +659,48 @@ def create_full_scan_with_report_url(
         diff.report_url = f"{base_socket}/{self.config.org_slug}/sbom/{new_full_scan.id}"
         diff.diff_url = diff.report_url
         diff.id = new_full_scan.id
-        diff.packages = {}
 
-        # Return result in the format expected by the user
+        needs_alerts = (
+            self.cli_config is not None
+            and (
+                self.cli_config.enable_gitlab_security
+                or self.cli_config.enable_json
+                or self.cli_config.enable_sarif
+            )
+        )
+
+        if needs_alerts:
+            log.info("Output format requires alerts, fetching SBOM data for full scan")
+            sbom_start = time.time()
+            sbom_artifacts_dict = self.get_sbom_data(new_full_scan.id)
+            sbom_artifacts = self.get_sbom_data_list(sbom_artifacts_dict)
+            packages = self.create_packages_dict(sbom_artifacts)
+            diff.packages = packages
+
+            all_alerts_collection: Dict[str, List[Issue]] = {}
+            for package_id, package in packages.items():
+                self.add_package_alerts_to_collection(
+                    package=package,
+                    alerts_collection=all_alerts_collection,
+                    packages=packages
+                )
+
+            consolidated: Set[str] = set()
+            for alert_key, alerts in all_alerts_collection.items():
+                for alert in alerts:
+                    alert_str = f"{alert.purl},{alert.type}"
+                    if (alert.error or alert.warn) and alert_str not in consolidated:
+                        diff.new_alerts.append(alert)
+                        consolidated.add(alert_str)
+
+            sbom_end = time.time()
+            log.info(
+                f"Fetched {len(packages)} packages and {len(diff.new_alerts)} alerts "
+                f"in {sbom_end - sbom_start:.2f}s"
+            )
+        else:
+            diff.packages = {}
+
         return diff
 
     def get_full_scan(self, full_scan_id: str) -> FullScan: