Spike: Where are License Scanning reports used in the codebase?
Time-boxed: 1 day
Topic to Evaluate
Before updating the Rails app to leverage license data stored in the primary DB, we need to know where legacy License Scanning reports are used. This is prep work for implementation issues of Use License Scanning service (&8532 - closed).
Tasks to Evaluate
- Identify bits of code that directly use License Scanning reports: models, controllers, services, workers, etc.
- Optionally, make specific suggestions on how to update the code, and add abstraction layers to switch between the old implementation and the new one.
- Update &8532 (closed) and/or its issues.
🤖 Auto-Summary: Discoto Usage

Points

Discussion points are declared by headings, list items, and single lines that start with the text `point:` (case-insensitive). For example, the following are all valid points:

#### POINT: This is a point
* point: This is a point
+ Point: This is a point
- pOINT: This is a point
point: This is a **point**

Note that any markdown used in the point text will also be propagated into the topic summaries.

Topics

Topics can be stand-alone and contained within an issuable (epic, issue, MR), or can be inline. Inline topics are defined by creating a new thread (discussion) where the first line of the first comment is a heading that starts with `topic:` (case-insensitive). For example, the following are all valid topics:

# Topic: Inline discussion topic 1
## TOPIC: **{+A Green, bolded topic+}**
### tOpIc: Another topic

Quick Actions

| Action | Description |
| --- | --- |
| `/discuss sub-topic TITLE` | Create an issue for a sub-topic. Does not work in epics. |
| `/discuss link ISSUABLE-LINK` | Link an issuable as a child of this discussion. |
Last updated by this job
- TOPIC `RefreshLicenseComplianceChecksWorker` #377688 (comment 1133063363)
  - already generic ✅ #377688 (comment 1133365080)
- TOPIC `ApprovalMergeRequestRule` #377688 (comment 1133073623)
  - fetches `head_pipeline&.license_scanning_report`; to be changed ❓ #377688 (comment 1133363795)
  - use `SCA::LicenseCompliance` instead ❓ #377688 (comment 1133613675)
- TOPIC `LicenseScanning::Report#violates?` #377688 (comment 1133083851)
  - new implementation must implement `violates?` 🚧 #377688 (comment 1133356331)
  - new implementation must implement `empty?` 🚧 #377688 (comment 1133356331)
- TOPIC `::Ci::SyncReportsToApprovalRulesService` #377688 (comment 1133106509)
  - fetches `project.license_scanning_report`; to be changed ❓ #377688 (comment 1133354332)
  - use `SCA::LicenseCompliance` instead ❓ #377688 (comment 1133354332)
  - must also be called after SBOM ingestion; new worker needed? 🚧 #377688 (comment 1133358258)
- TOPIC `MergeRequestController` (EE) #377688 (comment 1133112249)
  - relies on `SCA::LicenseCompliance` ✅ #377688 (comment 1133348485)
- TOPIC `MergeRequest` (EE) #377688 (comment 1133286787)
  - relies on `SCA::LicenseCompliance` ✅ #377688 (comment 1133339951)
- TOPIC `CompareLicenseScanningReportsService` #377688 (comment 1133297470)
  - relies on `SCA::LicenseCompliance` ✅ #377688 (comment 1133340183)
- TOPIC `LicenseScanning::ReportsComparer` #377688 (comment 1133305069)
  - uses `SCA::LicenseCompliance#diff_with` ✅ #377688 (comment 1133342209)
- TOPIC `LicensesController` #377688 (comment 1133318031)
  - relies on `SCA::LicenseCompliance` ✅ #377688 (comment 1133345172)
- TOPIC `SCA::LicenseCompliance` #377688 (comment 1133322950)
  - can be an abstraction layer ✅ #377688 (comment 1133346304)
  - will switch b/w old and new LS results 🚧 #377688 (comment 1133346304)
  - returns `license_scanning_report`, to be emulated 🚧 #377688 (comment 1133346304)
  - `#diff_with` delegates to `LicenseScanning::Report#diff_with` #377688 (comment 1133580426)
  - refactor matching of detected licenses w/ policies 🚧 #377688 (comment 1133584497)
- TOPIC `Project` (EE) #377688 (comment 1133552227)
  - change default value for `license_compliance` to also select pipelines with SBOMs 🚧 #377688 (comment 1133554792)
- TOPIC `API::ManagedLicenses` (EE) #377688 (comment 1133563712)
- TOPIC `Ci::Reports::LicenseScanning::Report` #377688 (comment 1133593884)
  - new LS results could implement the same interface ✅ #377688 (comment 1133593884)
  - `#violates?` should be extracted, and shared ❓ #377688 (comment 1133596238)
  - `#diff_with` should be extracted, and shared ❓ #377688 (comment 1133596238)
  - can be used to present new LS results ✅ #377688 (comment 1133607207)
- TOPIC Proposal #377688 (comment 1133625396)
- TOPIC Merging License Report into Dependency Report #377688 (comment 1134696608)
  - `Ci::Parsers::Security::DependencyList#parses_licenses!` parses LS report from raw JSON; to be changed 🚧 #377688 (comment 1134795634)
  - `Ci::Build#collect_licenses_for_dependency_list` and `collect_licenses_for_dependency_list` use DS reports; move to a dedicated service ❓ #377688 (comment 1134925404)
  - `Ci::Pipeline#license_scanning_report` fetches LS reports from jobs; to be changed 🚧 #377688 (comment 1134929742)
  - `Ci::Pipeline#dependency_list_report` fetches LS reports from jobs; to be changed 🚧 #377688 (comment 1134929742)
- TOPIC Investigation using specs, factories, and fixtures #377688 (comment 1135659251)
Discoto Settings

```yaml
---
summary:
  max_items: -1
  sort_by: created
  sort_direction: ascending
```

See the settings schema for details.
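The shape the `SCA::LicenseCompliance` and `Ci::Reports::LicenseScanning::Report` topics above converge on (one facade that switches between the legacy License Scanning report and license data from the primary DB, with `violates?`, `empty?` and `diff_with` extracted into one shared implementation) as an added Ruby sketch. This is example code written for this page, not GitLab's implementation: the class and module names (`LicenseResults`, `LegacyLicenseReport`, `DbLicenseResults`, `LicenseComplianceFacade`), the JSON report shape, the DB row shape, the policy hash and the `diff_with` result keys are all assumptions made for illustration.

```ruby
# Added example (not GitLab's code). All names below are hypothetical stand-ins.
require 'json'
require 'set'

# Policy matching and comparison live in ONE module, so the legacy report and
# the DB-backed results cannot drift apart in how detected licenses are judged.
# Including classes must provide #licenses => Array<String> of license ids.
module LicenseResults
  # policies: Hash of license id => :allowed / :denied (assumed shape).
  # A result violates policy when any detected license is explicitly denied;
  # an unknown license is not treated as denied here.
  def violates?(policies)
    licenses.any? { |id| policies[id] == :denied }
  end

  def empty?
    licenses.empty?
  end

  # Compare self (base) against another result (head); keys are assumptions.
  def diff_with(head)
    base_ids = licenses.to_set
    head_ids = head.licenses.to_set
    {
      new_licenses:      (head_ids - base_ids).to_a.sort,
      existing_licenses: (base_ids & head_ids).to_a.sort,
      removed_licenses:  (base_ids - head_ids).to_a.sort
    }
  end
end

# Legacy source: the License Scanning CI artifact parsed from raw JSON.
class LegacyLicenseReport
  include LicenseResults
  attr_reader :licenses

  def self.from_json(raw)
    data = JSON.parse(raw)
    ids = Array(data['dependencies']).flat_map { |dep| Array(dep['licenses']) }
    new(ids.uniq)
  end

  def initialize(licenses)
    @licenses = licenses
  end
end

# New source: license rows already stored in the primary DB. Plain hashes stand
# in for the rows; a real implementation would query the DB.
class DbLicenseResults
  include LicenseResults
  attr_reader :licenses

  def initialize(rows)
    @licenses = rows.map { |row| row[:license_id] }.uniq
  end
end

# Facade: callers see only #violates?, #empty? and #diff_with and never learn
# which source produced the result. DB data wins when present, then the legacy
# report, then an empty result.
class LicenseComplianceFacade
  include LicenseResults

  def initialize(legacy_json: nil, db_rows: nil)
    @results =
      if db_rows && !db_rows.empty?
        DbLicenseResults.new(db_rows)
      elsif legacy_json
        LegacyLicenseReport.from_json(legacy_json)
      else
        DbLicenseResults.new([])
      end
  end

  def licenses
    @results.licenses
  end
end

# Constructed sample inputs (not real project data).
LEGACY_JSON = JSON.generate(
  'version' => '2.1',
  'dependencies' => [
    { 'name' => 'rails', 'version' => '7.0.4', 'licenses' => ['MIT'] },
    { 'name' => 'readline-ext', 'version' => '0.1.5', 'licenses' => ['GPL-3.0'] }
  ]
)
DB_ROWS = [
  { package: 'rails', version: '7.0.4', license_id: 'MIT' },
  { package: 'nokogiri', version: '1.13.9', license_id: 'Apache-2.0' }
]
POLICIES = { 'MIT' => :allowed, 'GPL-3.0' => :denied }

def legacy_results
  LicenseComplianceFacade.new(legacy_json: LEGACY_JSON)
end

def db_results
  LicenseComplianceFacade.new(db_rows: DB_ROWS)
end
```

The point of routing everything through the module is the one raised for `Ci::Reports::LicenseScanning::Report`: if `violates?` stayed on the legacy report class, the DB-backed path would need its own copy and the two policy checks could diverge, which for an approval rule means one source could let a denied license through. The selection order in the facade is also an assumption; the discussion leaves open how `SCA::LicenseCompliance` should decide which source to serve.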