Group dependencies by project and location
Why are we doing this work
Currently the dependency list is only available on the project level. Those don't require any type of grouping by project and location, as they are in a one-to-one relationship. On a group level, each dependency can be associated with multiple projects and locations.
Relevant links
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan
- backend: DependencyEntity already expects name, version, packager and location. projects needs to be added but only considered on a group level (i.e., when project isn't available). It should expose full_path and name.
- backend: the grouping can be performed in-between ::Sbom::DependenciesFinder and ::DependencyListSerializer calls as available via this issue. The main concern is the performance cost for fetching project and location information for each dependency.
Testing
- Add appropriate feature specs
- Review if an E2E spec needs to be added
Verification steps
- For some context go to this test group and click on Secure -> Dependency list. This issue doesn't include the UI though.
- Navigate to the dependencies.json endpoint and check if occurrence_count and project_count are present as part of the payload.
Edited by Zamir Martins
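A sketch of the grouping step from the implementation plan, added here as an illustration and not taken from the GitLab code base. The Occurrence struct, the sample rows, the locations key and the exact payload shape are assumptions; only the field names name, version, packager, location, projects, full_path, occurrence_count and project_count come from the issue. Rows are assumed to arrive with project data already loaded, so grouping is one in-memory pass with no per-dependency lookups.

```ruby
# Hypothetical stand-in for one SBOM occurrence row, project already preloaded.
Occurrence = Struct.new(:name, :version, :packager, :location,
                        :project_full_path, :project_name, keyword_init: true)

# Constructed sample data: the same dependency seen in several projects/locations.
SAMPLE_OCCURRENCES = [
  Occurrence.new(name: 'rack', version: '2.2.3', packager: 'bundler',
                 location: 'Gemfile.lock',
                 project_full_path: 'acme/api', project_name: 'api'),
  Occurrence.new(name: 'rack', version: '2.2.3', packager: 'bundler',
                 location: 'services/worker/Gemfile.lock',
                 project_full_path: 'acme/api', project_name: 'api'),
  Occurrence.new(name: 'rack', version: '2.2.3', packager: 'bundler',
                 location: 'Gemfile.lock',
                 project_full_path: 'acme/web', project_name: 'web'),
  Occurrence.new(name: 'rack', version: '2.2.8', packager: 'bundler',
                 location: 'tools/Gemfile.lock',
                 project_full_path: 'acme/web', project_name: 'web'),
  Occurrence.new(name: 'lodash', version: '4.17.21', packager: 'npm',
                 location: 'package-lock.json',
                 project_full_path: 'acme/web', project_name: 'web')
].freeze

# Collapse occurrences into one group-level entry per (name, version, packager).
# Version is part of the key so different versions of a package stay separate.
def group_dependencies(occurrences)
  occurrences
    .group_by { |o| [o.name, o.version, o.packager] }
    .map do |(name, version, packager), rows|
      # A project with several lock files counts once in project_count.
      projects = rows.map { |o| { full_path: o.project_full_path, name: o.project_name } }.uniq
      {
        name: name,
        version: version,
        packager: packager,
        occurrence_count: rows.size,
        project_count: projects.size,
        projects: projects,
        locations: rows.map { |o| { project: o.project_full_path, path: o.location } }
      }
    end
end

if __FILE__ == $PROGRAM_NAME
  group_dependencies(SAMPLE_OCCURRENCES).each { |entry| p entry }
end
```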