
License Compliance widget shows all licenses as uncategorized

Summary

  • The License Compliance MR widget shows all detected licenses as uncategorized, whereas the Full report shows them categorized

Steps to reproduce

  1. Upload a GitLab Ultimate license
  2. Clone https://gitlab.com/gitlab-org/govern/security-policies/ali-test-group/411984-unknown-license-type
  3. Create a new scan_result_policy with the content
type: scan_result_policy
name: Newly detected unknown licenses
description: ''
enabled: true
rules:
  - type: license_finding
    match_on_inclusion: true
    license_types:
      - unknown
    license_states:
      - newly_detected
    branch_type: default
actions:
  - type: require_approval
    approvals_required: 1
    group_approvers_ids:
      - 64024513
  4. Create changes similar to https://gitlab.com/gitlab-org/govern/security-policies/ali-test-group/411984-unknown-license-type/-/merge_requests/1/diffs and create the MR

Example Project

What is the current bug behavior?

The categorization of the licenses in the License Compliance MR widget does not match the categorization of the same licenses in the Full report: the widget lists them all as uncategorized.

What is the expected correct behavior?

The categorization of the licenses in the License Compliance MR widget matches the categorization of the licenses in the Full report.

Relevant logs and/or screenshots

[Screenshot: License Compliance MR Widget]
[Screenshot: Full Report]

Possible fixes

  • Update Sca::LicenseCompliance so that diff_with also checks the denied software_license_policies derived from the report:
diff --git a/ee/app/models/sca/license_compliance.rb b/ee/app/models/sca/license_compliance.rb
index 65384cb46a0e..3d74673a5bce 100644
--- a/ee/app/models/sca/license_compliance.rb
+++ b/ee/app/models/sca/license_compliance.rb
@@ -122,7 +122,7 @@ def build_policy_with_denied_licenses(denied_policies, reported_license)
 
       denied_license_policy = policy_from_licenses(denied_policies, reported_license) unless direct_license_policy
 
-      approval_status = denied_license_policy ? 'denied' : nil
+      approval_status = denied_license_policy || denied_policies.empty? ? 'denied' : nil
       build_policy(reported_license, direct_license_policy || denied_license_policy, approval_status)
     end
 
diff --git a/ee/spec/models/sca/license_compliance_spec.rb b/ee/spec/models/sca/license_compliance_spec.rb
index 889b2305be7c..9e65a14a54c4 100644
--- a/ee/spec/models/sca/license_compliance_spec.rb
+++ b/ee/spec/models/sca/license_compliance_spec.rb
@@ -942,6 +942,22 @@ def assert_matches(item, expected = {})
         end
       end
 
+      context 'when the base pipeline is empty or does not contain report' do
+        subject(:diff) { license_compliance.diff_with(base_compliance) }
+
+        let(:pipeline) { head_pipeline }
+
+        let!(:head_compliance) { project.license_compliance(head_pipeline) }
+        let!(:head_pipeline) { create(:ee_ci_pipeline, :success, project: project) }
+
+        let!(:base_compliance) { project.license_compliance(base_pipeline) }
+        let!(:base_pipeline) { create(:ee_ci_pipeline, :success, :with_cyclonedx_report, project: project, builds: [create(:ee_ci_build, :success)]) }
+
+        it 'returns diff' do
+          expect(diff[:added].first.classification).to eq('denied')
+        end
+      end
+
       context "when the base pipeline removed some licenses" do
         subject(:diff) { license_compliance.diff_with(base_compliance) }
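Review bot: the context description and the fixture setup in this hunk disagree. The context is named "when the base pipeline is empty or does not contain report", but it is `base_pipeline` that is created with `:with_cyclonedx_report`, while `head_pipeline` (which `let(:pipeline)` feeds into the `license_compliance` under test) has no report; with nothing reported on the head side, `diff[:added]` has no entries and `diff[:added].first.classification` raises on nil rather than asserting anything. Either move `:with_cyclonedx_report` to `head_pipeline` or rename the context to match. Separately, `head_compliance` is declared with `let!` but never referenced, and the example checks only the first added entry; since the issue is that all licenses are miscategorized, assert on the classification of every entry in `diff[:added]` instead.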

Relates to #397067 (closed)

Relates to #356334 (closed)

Relates to #285120 (closed)

Edited by Marcos Rocha