Remove unused gitlab:dependency_scanning metadata properties
Proposal
The following metadata properties were added to the SBOM produced by gemnasium
as part of Update gemnasium SBOM files to adhere to GitLab... (#378026 - closed):
gitlab:dependency_scanning:input_file
gitlab:dependency_scanning:package_manager
However, these properties were incorrect and didn't align with the GitLab CycloneDX property taxonomy, since they should have instead been:
gitlab:dependency_scanning:input_file:path
gitlab:dependency_scanning:package_manager:name
This was fixed in Gemnasium not aligned with GitLab CycloneDX Pro... (#398580 - closed), but the incorrect properties were not removed, in order to avoid a breaking change:
The problem is that if we modify the gemnasium analyzer to change the output, it will no longer work for previous versions of the self-managed instances that pull this major image.
As part of Composition Analysis 17.0 deprecations, removal... (#416433 - closed), we should now remove these unnecessary metadata properties.
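A consumer-side check for the two deprecated names listed above, as an added example that is not gemnasium code: it reports whether each legacy property in a CycloneDX JSON SBOM is already duplicated by its taxonomy-aligned replacement. The names `AuditProperties`, `Finding` and `sampleSBOM`, the status strings and the sample values are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Deprecated property names from the issue, mapped to their replacements.
var replacements = map[string]string{
	"gitlab:dependency_scanning:input_file":      "gitlab:dependency_scanning:input_file:path",
	"gitlab:dependency_scanning:package_manager": "gitlab:dependency_scanning:package_manager:name",
}

// Finding is a hypothetical result type: one deprecated property seen in an SBOM.
type Finding struct{ Name, Replacement, Status string }

// AuditProperties (hypothetical helper) checks CycloneDX JSON metadata properties.
func AuditProperties(raw []byte) (findings []Finding, err error) {
	var doc struct { // encoding/json matches the lowercase JSON keys case-insensitively
		Metadata struct{ Properties []struct{ Name, Value string } }
	}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, fmt.Errorf("parse SBOM: %w", err)
	}
	values := map[string]string{}
	for _, p := range doc.Metadata.Properties {
		values[p.Name] = p.Value
	}
	for _, p := range doc.Metadata.Properties {
		if repl, deprecated := replacements[p.Name]; deprecated {
			status := "missing" // replacement absent: a reader of this SBOM still needs the old key
			if v, ok := values[repl]; ok && v == p.Value {
				status = "redundant" // replacement present with the same value
			} else if ok {
				status = "conflict" // old and new keys disagree
			}
			findings = append(findings, Finding{p.Name, repl, status})
		}
	}
	return findings, nil
}

// Constructed sample for illustration, not real analyzer output.
const sampleSBOM = `{"metadata":{"properties":[
{"name":"gitlab:dependency_scanning:input_file","value":"Gemfile.lock"},{"name":"gitlab:dependency_scanning:input_file:path","value":"Gemfile.lock"},
{"name":"gitlab:dependency_scanning:package_manager","value":"bundler"}]}}`

func main() {
	fmt.Println(AuditProperties([]byte(sampleSBOM)))
}
```

A `missing` finding marks an SBOM whose readers cannot yet switch to the new names.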
Implementation Plan
- Remove the following constants from convert.go:
  gitlab:dependency_scanning:input_file
  gitlab:dependency_scanning:package_manager
diff --git a/cyclonedx/convert.go b/cyclonedx/convert.go index 81bf7c6..75626a2 100644 --- a/cyclonedx/convert.go +++ b/cyclonedx/convert.go @@ -23,10 +23,6 @@ type ToolInfo struct { } const ( - // These properties have been deprecated. See https://gitlab.com/gitlab-org/gitlab/-/issues/398580. - propertyNameInputFile = "gitlab:dependency_scanning:input_file" - propertyNamePackageManager = "gitlab:dependency_scanning:package_manager" - propertyNameSchemaVersion = "gitlab:meta:schema_version" propertyNameInputFilePath = "gitlab:dependency_scanning:input_file:path" propertyNamePackageManagerName = "gitlab:dependency_scanning:package_manager:name"
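Review bot: The code that writes these two properties into the SBOM metadata is not touched here; the hunk at cyclonedx/convert.go line 23 only deletes the `propertyNameInputFile` and `propertyNamePackageManager` declarations from the const block, so any remaining reference in the package will fail to compile. The emitting code and the test expectations from the next step should land in the same change. The deleted comment was also the only in-code pointer to issue 398580; since the legacy names were kept for older self-managed instances, the changelog entry for this removal should name both properties and their `:path` / `:name` replacements.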
- Remove references to the above constants from all unit tests and expectations.