[CS For Registry] Exclude registry sbom components from dependency list at project level
Description
Dependencies created in [CS For Registry] Set report_type to CONTAINER_... (#443821 - closed) should not appear on dependency list page. Filter dependency report and dependency list page for these vulnerabilities.
User Impact
No direct user impact as this is a backend implementation. However, ensure that users do not encounter the dependencies exposed by registry events in the dependency report or dependency list page.
Non-functional requirements
-
Benchmarking: Assess the performance impact of using the newly introduced data for filtering. -
Testing: Add unit tests/specs.
Implementation plan
- For project level create a filter for source_type: container_scanning_for_registry and apply in DependenciesFinder.
- Filter dependency form dependency list export.
Verification steps
- Ingest a SBOM report with
metadata.tools
as registry event set as a part of [CS For Registry] Set SBOM occurrence source to... (#443634 - closed) - Verify that db records are created as per the requirements.
- Run advisory scanner and report parser.
- Verify that the vulnerabilities are created with report_type: CONTAINER_SCANNING_FOR_REGISTRY
- Verify that vulnerabilities does not appear in the dependency report or dependency list page.
Edited by Aditya Tiwari