Update sbom_occurrences ingestion in order to fill vulnerabilities
Why are we doing this work
As discussed here, the following is an overview of the plan for adding vulnerabilities into both project and group levels:
- Add
vulnerabilities
into sbom_occurrences. - Update sbom_occurrences ingestion in order to fill
vulnerabilities
. - Add
vulnerabilities
as part of graphql dependency_type. - Update dependency entity to support
vulnerabilities
for group level controller. - Update dependencies_table.vue to include
vulnerabilities
for group level. - Add support to sorting (two levels) based on the existing dependency list service.
- Add support for filtering based on the existing dependency list service.
note A new FF is recommended for the set of changes proposed above.
Link to the PoC MR to keep this comment self-contained.
Relevant links
Non-functional requirements
-
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
-
backend Update ingest_occurrences.rb to fetch data from
vulnerability_occurrences
table into thevulnerabilities
column.
Verification steps
Edited by Zamir Martins