Digest & Save reachability data for each package - by customer project

Goal

By the end of this task, we will digest the new CycloneDX attribute, reachability, into the monolith and save it to the DB.

An example SBOM component with unknown reachability:

{
    Name: "acorn",
    Version: "4.0.4",
    PURL: "pkg:npm/acorn@4.0.4",
    ComponentType: "library",
    BomRef: "pkg:npm/acorn@4.0.4",
    Properties: []cyclonedx.Property{
        {
            Name: "gitlab:dependency_scanning_component:reachability",
            Value: "unknown",
        },
    },
}

An example SBOM component with in_use reachability:

{
    Name: "acorn",
    Version: "4.0.4",
    PURL: "pkg:npm/acorn@4.0.4",
    ComponentType: "library",
    BomRef: "pkg:npm/acorn@4.0.4",
    Properties: []cyclonedx.Property{
        {
            Name: "gitlab:dependency_scanning_component:reachability",
            Value: "in_use",
        },
    },
}
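
One way the digest step could read this property from a CycloneDX JSON report, shown as an added example and not the monolith's own code. The method names, the row shape and the rule that a missing or unrecognised value is stored as "unknown" are assumptions; the property name and the two values come from the components above.

```ruby
require "json"

# Property name copied from the components shown above.
REACHABILITY_PROPERTY = "gitlab:dependency_scanning_component:reachability"
# The two values that appear on this page.
KNOWN_REACHABILITY = %w[unknown in_use].freeze

# Reachability for one CycloneDX component hash.
# Assumption: a missing, non-string or unrecognised value is stored as "unknown",
# so an unexpected string from the report never reaches the column.
def reachability_for(component)
  props = component["properties"]
  return "unknown" unless props.is_a?(Array)

  prop = props.find { |p| p.is_a?(Hash) && p["name"] == REACHABILITY_PROPERTY }
  value = prop && prop["value"]
  KNOWN_REACHABILITY.include?(value) ? value : "unknown"
end

# Turns a CycloneDX JSON document into rows ready to persist (hypothetical row shape).
# Malformed JSON raises JSON::ParserError so the caller can reject the report.
def reachability_rows(sbom_json)
  doc = JSON.parse(sbom_json)
  components = doc.is_a?(Hash) ? doc["components"] : nil
  return [] unless components.is_a?(Array)

  components.select { |c| c.is_a?(Hash) && c["purl"].is_a?(String) }
            .map { |c| { purl: c["purl"], reachability: reachability_for(c) } }
end

# Constructed sample SBOM (not real scan output); example-a/b/c are made-up packages.
SAMPLE_SBOM = <<~JSON
  {"bomFormat": "CycloneDX", "components": [
    {"name": "acorn", "version": "4.0.4", "purl": "pkg:npm/acorn@4.0.4", "type": "library",
     "properties": [{"name": "gitlab:dependency_scanning_component:reachability", "value": "in_use"}]},
    {"name": "example-a", "purl": "pkg:npm/example-a@1.0.0",
     "properties": [{"name": "gitlab:dependency_scanning_component:reachability", "value": "unknown"}]},
    {"name": "example-b", "purl": "pkg:npm/example-b@1.0.0",
     "properties": [{"name": "gitlab:dependency_scanning_component:reachability", "value": "IN_USE "}]},
    {"name": "example-c", "purl": "pkg:npm/example-c@1.0.0"}
  ]}
JSON

reachability_rows(SAMPLE_SBOM).each { |r| puts "#{r[:purl]} => #{r[:reachability]}" }
```
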

Note:

This task can be done only once the "Add reachability column to Sbom_occurence" task is merged.

Edited by Yuval Siev