Streamline Export SBOM feature

Release notes

Problem to solve

As a part of #333463 (closed) we have introduced APIs to export cycloneDX reports in SBOM format for a pipeline. This feature currently requires a user to call 3 different endpoints.

Proposal

Explore the possibility of adding this as a pipeline job so that merged sbom file can be available as a job artifact which can be downloaded using Job Artifacts API . Currently, this can be manually done following this tutorial.

Things to keep in mind:

1. The merged CycloneDX file may require a good amount of processing, so we don't want to generate this file after every pipeline run.
2. The merging and generating of CycloneDX file happened in background job.

Intended users

• Sasha (Software Developer)
• Simone (Software Engineer in Test)
• Amy (Application Security Engineer)

Does this feature require an audit event?

No

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.