Remove cyclonedx override from container scanning sboms
Problem to solve
In "Container Scanning CycloneDX reports are not in..." (#431406 - closed, Igor Frenkel, 16.7) we added an override for the CycloneDX 1.5 SBOMs generated by Trivy in order to ensure that those SBOM components are ingested and processed.
The GitLab instance was also updated around the same time to support CycloneDX 1.5: "Add support for ingesting CycloneDX v1.5" (#431435 - closed, Igor Frenkel, 16.7, On track).
This means that only GitLab instances < %16.7 still need this override to be present.
In %17.0 we will bump the major version of the analyzer to 7, which will be the perfect time to remove the CycloneDX override completely.
Proposal
Remove the fix_report_version! method added in "Hardcode SBOMs to use CycloneDX schema v1.4" (gitlab-org/security-products/analyzers/container-scanning!2938 - merged, Igor Frenkel).