Add sorting to `Sbom::DependenciesFinder`
Why are we doing this work
In order to have dependencies from the database achieve parity with the existing dependency list, we need to update Sbom::DependenciesFinder so that it can sort dependencies in the same way as Security::DependencyListService.
Example params from Security::DependencyListService are:
    {
      sort: 'asc',    # 'asc' or 'desc'
      sort_by: 'name' # 'name', 'packager' or 'severity'
    }
Relevant links
Non-functional requirements
- Documentation: -
- Feature flag: -
- Performance: -
- Testing:
Implementation plan
- Add sort params to Resolvers::Sbom::DependenciesResolver
- Have Sbom::DependenciesFinder sort the records based on the params provided
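The two implementation steps above, worked through as an added example. This is not GitLab's own code: it mirrors the param shape used by Security::DependencyListService (sort: 'asc'/'desc', sort_by: 'name'/'packager'/'severity') on plain Ruby objects instead of ActiveRecord so it runs without a database, and it translates a GraphQL enum such as NAME_DESC into those params the way the resolver step would. The class name, the severity ranking, and the sample records are assumptions made for the example. The security-relevant point it shows is that caller-supplied sort input only ever selects an entry from an allowlist and is never used as an ORDER BY fragment; anything outside the allowlist is rejected rather than silently ignored.

```ruby
# Added example, not GitLab's own code. Hypothetical finder that sorts
# dependency records with the same params shape as
# Security::DependencyListService, on plain Ruby objects.

Dependency = Struct.new(:name, :version, :packager, :severity, keyword_init: true)

# Constructed sample records; the values are invented for this example.
SAMPLE_DEPENDENCIES = [
  Dependency.new(name: 'zeitwerk',       version: '2.6.6',   packager: 'bundler', severity: 'low'),
  Dependency.new(name: 'CFPropertyList', version: '3.0.5',   packager: 'bundler', severity: 'critical'),
  Dependency.new(name: 'lodash',         version: '4.17.21', packager: 'npm',     severity: 'high'),
  Dependency.new(name: 'acme-client',    version: '2.0.11',  packager: 'bundler', severity: nil)
].freeze

class SortableDependenciesFinder
  # Assumed severity ranking for sort_by: 'severity'; missing or unknown
  # severities sort lowest.
  SEVERITY_RANK = {
    'critical' => 5, 'high' => 4, 'medium' => 3, 'low' => 2, 'info' => 1, 'unknown' => 0
  }.freeze

  # Allowlist of sortable attributes. The caller's sort_by value only picks an
  # entry here; it is never interpolated into a column name or ORDER BY clause.
  SORT_KEYS = {
    'name'     => ->(dep) { dep.name },
    'packager' => ->(dep) { dep.packager },
    'severity' => ->(dep) { SEVERITY_RANK.fetch(dep.severity.to_s, 0) }
  }.freeze
  SORT_DIRECTIONS = %w[asc desc].freeze

  # Translates a GraphQL sort enum such as NAME_DESC (as used in the
  # verification queries) into finder params. Unrecognised values raise.
  def self.params_from_graphql_enum(value)
    match = value.to_s.match(/\A([A-Z]+)_(ASC|DESC)\z/)
    raise ArgumentError, "unsupported sort enum: #{value.inspect}" unless match

    { sort_by: match[1].downcase, sort: match[2].downcase }
  end

  def initialize(records, params = {})
    @records = records
    @params = params
  end

  # Returns the records sorted per params; defaults to name ascending.
  def execute
    sort_by   = @params.fetch(:sort_by, 'name').to_s
    direction = @params.fetch(:sort, 'asc').to_s

    raise ArgumentError, "unsupported sort_by: #{sort_by.inspect}" unless SORT_KEYS.key?(sort_by)
    raise ArgumentError, "unsupported sort: #{direction.inspect}" unless SORT_DIRECTIONS.include?(direction)

    key = SORT_KEYS.fetch(sort_by)
    # Sorting on a [primary key, name] tuple makes ties deterministic. Ruby's
    # String#<=> compares bytewise, so uppercase names sort before lowercase
    # ones, matching the NAME_ASC response shown in the verification steps.
    sorted = @records.sort_by { |dep| [key.call(dep), dep.name] }
    direction == 'desc' ? sorted.reverse : sorted
  end
end

if __FILE__ == $PROGRAM_NAME
  params = SortableDependenciesFinder.params_from_graphql_enum('NAME_DESC')
  SortableDependenciesFinder.new(SAMPLE_DEPENDENCIES, params).execute.first(5).each do |dep|
    puts "#{dep.name} #{dep.version} #{dep.packager}"
  end
end
```

In a real finder the lambdas would be replaced by an allowlisted mapping to ActiveRecord `order` arguments, but the shape is the same: validate both `sort_by` and `sort` against fixed sets before anything reaches the query.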
Verification steps
- Select a testing project with vulnerabilities like this project.
- Perform the following query via the GraphQL explorer:
    query {
      project(fullPath: "gitlab-org/govern/threat-insights-demos/vulnerabilities-verification") {
        dependencies(sort: NAME_DESC, first: 5) {
          nodes {
            name
            version
            packager
          }
        }
      }
    }
- Expected response:
    {
      "data": {
        "project": {
          "dependencies": {
            "nodes": [
              {
                "name": "zeitwerk",
                "version": "2.6.6",
                "packager": "bundler"
              },
              {
                "name": "yard",
                "version": "0.9.26",
                "packager": "bundler"
              },
              {
                "name": "yajl-ruby",
                "version": "1.4.3",
                "packager": "bundler"
              },
              {
                "name": "xpath",
                "version": "3.2.0",
                "packager": "bundler"
              },
              {
                "name": "xml-simple",
                "version": "1.1.9",
                "packager": "bundler"
              }
            ]
          }
        }
      }
    }
- Change sort to other values:
    query {
      project(fullPath: "gitlab-org/govern/threat-insights-demos/vulnerabilities-verification") {
        dependencies(sort: NAME_ASC, first: 5) {
          nodes {
            name
            version
            packager
          }
        }
      }
    }
- Expected response:
    {
      "data": {
        "project": {
          "dependencies": {
            "nodes": [
              {
                "name": "CFPropertyList",
                "version": "3.0.5",
                "packager": "bundler"
              },
              {
                "name": "RedCloth",
                "version": "4.3.2",
                "packager": "bundler"
              },
              {
                "name": "acme-client",
                "version": "2.0.11",
                "packager": "bundler"
              },
              {
                "name": "actioncable",
                "version": "6.1.7.2",
                "packager": "bundler"
              },
              {
                "name": "actionmailbox",
                "version": "6.1.7.2",
                "packager": "bundler"
              }
            ]
          }
        }
      }
    }
Edited by Zamir Martins