[CS For Registry] Add registry event info to metadata source to SBOM in CS
Description
- Add new info to SBOM report
metadata.properties
asregistry_event
for components identified by registry event triggers if ENV variable introduced in [CS For Registry] Add CS pipeline event on regi... (#443620 - closed) is set.- Introduce the following properties
'gitlab:container_scanning_for_registry:image:name' 'gitlab:container_scanning_for_registry:image:tag' 'gitlab:container_scanning_for_registry:operating_system'
- Introduce the following properties
- The newly generated SBOM report should be a valid schema.
User Impact
After the implementation, the newly generated SBOM files should have an identifier pointing to the instigator of the pipeline job, i.e. registry_event.
Non-functional requirements
-
Update documentation to include a new field. -
Testing: Add unit tests/specs.
Implementation plan
- Resolve env variable
REGISTRY_TRIGGERED
in Environment. - Set the following to
metadata.tools
to sbom converter.{ "vendor": "gitlab", "name": "container_registry" }
Verification steps
- Set newly introduced env variable.
- Run the CS job.
- Verify that the SBOM report has newly introduced instigator identifier.
Edited by Aditya Tiwari