Add filtered search to project dependency list and populate component
lists for project.

Issue: #513318

This commit corrects the `component_name` param to be an array,
which is expected by the finder

related to: #513316
EE: true
Changelog: changed

We already can filter on the group level [here][0].

This change mirrors that filter on the project level.

I have also added spec coverage for filtering dependencies via
graphql.

We are not actually using the graphql for the dependencies page
currently, however it does support this filter

[0]:https://gitlab.com/gitlab-org/gitlab/-/blob/351e2abcf8c4dd1f0288578f9f8c1588899d15a2/ee/app/controllers/groups/dependencies_controller.rb#L124

---

Changelog: added
EE: true
related to: #493775
MR: !177728

This MR adds in a service ping metric for when the GraphQL or JSON api
is called. https://gitlab.com/gitlab-org/gitlab/-/issues/497825

Changelog: added
EE: true

Fix for test suites, added tracking_namespace_source and tracking_project_source helper functions to project level controller

Adds licenses action to the Projects::DependenciesController
This endpoint returns a static list of licenses

Changelog: added
EE: true

This flag was in front of the last remaining usages of the dependency
list reports. Alongside this flag removal, we can delete all the old
code which is used to create and parse dependency list reports.

Changelog: removed
EE: true

With the completion of !161512
we no longer have any frontend code which relies on the `report`
structure, so we can safely remove it from the dependencies response. We
will continue to use it for the project dependencies export to avoid
introducing a breaking change. This change also refactors
`dependencies_controller_spec.rb` to prepare it for the removal of the
`project_level_sbom_occurrences` feature flag.

Changelog: changed
EE: true

Add project level filter for source_type when CS for registry

Changelog: added
EE: true

fetching project level dependencies.

EE: true
Changelog: fixed

EE: true
Changelog: added

Martin Čavoj authored 1 year ago and Nikola Milojevic committed 1 year ago

Changelog: added
EE: true

Aditya Tiwari authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-paginate-dependency-list-dos' into 'master'

See merge request gitlab-org/security/gitlab!3422

Changelog: security

Changelog: other

Zamir Martins authored 2 years ago and Justin Ho Tuan Duong committed 2 years ago

behind feature flag.

EE: true
Changelog: changed

Change Ci::JobArtifact.sbom_reports to for_report(:sbom)
Change Ci::JobArtifact.license_scanning_reports to for_report(:license_scanning)
Change Ci::JobArtifact.dependency_list_reports to for_report(:dependency_list)
Change Ci::JobArtifact.container_scanning_reports to for_report(:container_scanning)
Change Ci::JobArtifact.dast_reports to for_report(:dast)
Change Ci::JobArtifact.metrics_reports to for_report(:metrics)
Change Ci::JobArtifact.coverage_fuzzing_reports to for_report(:coverage_fuzzing)
Change Ci::JobArtifact.api_fuzzing_reports to for_report(:api_fuzzing)
Change Ci::JobArtifact.test_reports to for_report(:test)
Change Ci::JobArtifact.sast_reports to for_report(:sast)
Change Ci::JobArtifact.secret_detection to for_report(:secret_detection)
Change Ci::JobArtifact.accessibility to for_report(:accessibility)
Change Ci::JobArtifact.coverage_reports to for_report(:coverage)
Change Ci::JobArtifact.codequality_reports to for_report(:codequality)

- authored 3 years ago and Phil Hughes committed 2 years ago

- This reverts commit 3c70b090.
- Manually resolve merge conflicts

Changelog: removed

This counter counting usage by project, resulting in an ever growing
set in Redis as the feature gains adoption.

This data wasn't useful, while still consuming a relatively high
amount of memory, so we removed it.

A better approach would be using Redis HLL counters for this.

This is done because the read_vulnerability policy is covering more
than only vulnerability authorization as mentioned here
!36019 (comment 376049736)

Changelog: changed
MR: !58704
EE: true

Jannik Lehmann authored 3 years ago and Arturo Herrero committed 3 years ago

This commit solves: 321715
It adds a link to the standalone vulnerabilities Page
on the Dependency List.
It is behind a feature flag (standaloneVulnDependencyList)

Mehmet Emin INAC authored 4 years ago and Stan Hu committed 4 years ago

These resources will be forbidden to access if the feature is off.

Danger wants a commit body, but there's really not any more to say.
These are all best effort and not guaranteed to be 100% accurate.

Mark Florian authored 4 years ago and Kushal Pandya committed 4 years ago

Part of [Clean up dependency_list_ui feature flag and old code
paths][1].

[1]: #212867

This enables by default the `dependency_list_ui` feature flag. In
addition, some styling workarounds have been applied, which will be
removed in later iterations.

Part of [Update dependencies table UI][1].

[1]: #195928

Part of [Update dependencies table UI][1].

This is the largest piece that implements the new table layout. It's
behind the `dependency_list_ui` feature flag, which is currently
disabled by default. This means that the existing UI is still in place,
and unaffected.

Specifically, this:

- Reimplements the table using `GlTable` from GitLab UI
- Removes the UI tabs
- Combines the component name and version columns
- Adds a warning badge for rows with vulnerabilities
- Adds a document icon to the location column

[1]: #195928

This commit merges the projects/dependencies controller with the
projects/security/dependencies controller.

Switch from read_project_security_dashboard to read_vulnerability
Since it's a main policy. read_project_security_dashboard should
be used only for dashboard policy