Add GraphQL support for license data in relation to sbom_occurrences
Why are we doing this work
Currently, the dependencies endpoint doesn't support license data.
Relevant links
Non-functional requirements
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
- Create a license type that exposes fields similar to the license entity.
- Add licenses, an array of the license type, to the dependency type.
- Update the GraphQL documentation.
Verification steps
- Via graphql-explorer, fetch the project dependencies with their respective licenses for a project with the ingest_sbom_licenses FF enabled, like this one:

  query {
    project(fullPath: "gitlab-org/govern/threat-insights-demos/verification-projects/verify-408846-group/verify-408849-project") {
      id
      dependencies(first: 5) {
        nodes {
          name
          packager
          licenses {
            name
            url
          }
        }
      }
    }
  }

- The expected result will be something similar to the following:

  {
    "data": {
      "project": {
        "id": "gid://gitlab/Project/47209117",
        "dependencies": {
          "nodes": [
            {
              "name": "CFPropertyList",
              "packager": "BUNDLER",
              "licenses": [
                {
                  "name": "MIT",
                  "url": "https://spdx.org/licenses/MIT.html"
                }
              ]
            },
            {
              "name": "RedCloth",
              "packager": "BUNDLER",
              "licenses": [
                {
                  "name": "MIT",
                  "url": "https://spdx.org/licenses/MIT.html"
                }
              ]
            },
            {
              "name": "acme-client",
              "packager": "BUNDLER",
              "licenses": [
                {
                  "name": "MIT",
                  "url": "https://spdx.org/licenses/MIT.html"
                }
              ]
            },
            {
              "name": "actioncable",
              "packager": "BUNDLER",
              "licenses": [
                {
                  "name": "MIT",
                  "url": "https://spdx.org/licenses/MIT.html"
                }
              ]
            },
            {
              "name": "actionmailbox",
              "packager": "BUNDLER",
              "licenses": [
                {
                  "name": "MIT",
                  "url": "https://spdx.org/licenses/MIT.html"
                }
              ]
            }
          ]
        }
      }
    }
  }

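
A scripted version of the verification step, as an added example that is not part of the original issue or of GitLab's code: it parses a response in the shape shown above and reports dependencies with no license, with an incomplete license entry, or with a license outside an allowlist. The sample response, the extra dependency names, the allowlist and the `audit_licenses` helper are all assumptions made for illustration.

```ruby
require "json"

# Constructed sample in the shape of the expected result above; the project id
# and the "unlicensed-gem", "copyleft-gem" and "broken-gem" nodes are invented.
SAMPLE_RESPONSE = <<~JSON
  {"data": {"project": {"id": "gid://gitlab/Project/1", "dependencies": {"nodes": [
    {"name": "CFPropertyList", "packager": "BUNDLER",
     "licenses": [{"name": "MIT", "url": "https://spdx.org/licenses/MIT.html"}]},
    {"name": "unlicensed-gem", "packager": "BUNDLER", "licenses": []},
    {"name": "copyleft-gem", "packager": "BUNDLER",
     "licenses": [{"name": "GPL-3.0-only", "url": "https://spdx.org/licenses/GPL-3.0-only.html"}]},
    {"name": "broken-gem", "packager": "BUNDLER", "licenses": [{"name": "MIT", "url": null}]}
  ]}}}}
JSON

# Hypothetical allowlist; a real policy would come from the organisation.
ALLOWED_LICENSES = %w[MIT Apache-2.0 BSD-3-Clause].freeze

# Returns a hash of findings keyed by category, each a list of dependency names.
def audit_licenses(response_json, allowed: ALLOWED_LICENSES)
  body = JSON.parse(response_json)
  # GraphQL reports failures in a top-level "errors" array, often with HTTP 200.
  raise ArgumentError, "GraphQL errors: #{body['errors']}" if body["errors"]

  nodes = body.dig("data", "project", "dependencies", "nodes")
  raise ArgumentError, "project or dependencies missing (wrong path or no access?)" if nodes.nil?

  findings = { missing: [], incomplete: [], disallowed: [] }
  nodes.each do |dep|
    licenses = dep["licenses"]
    if !licenses.is_a?(Array) || licenses.empty?
      findings[:missing] << dep["name"]
      next
    end
    # Assumption: every license entry should carry both fields the query asks for.
    if licenses.any? { |l| l["name"].to_s.empty? || l["url"].to_s.empty? }
      findings[:incomplete] << dep["name"]
    end
    names = licenses.map { |l| l["name"] }.compact
    findings[:disallowed] << dep["name"] unless (names - allowed).empty?
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_licenses(SAMPLE_RESPONSE).each { |kind, deps| puts "#{kind}: #{deps.join(', ')}" }
end
```
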
Edited by Zamir Martins