
Use license scanning scanner class in license compliance MR widget

Oscar Tovar requested to merge license-scanning-scanner-mr-widget into master

What does this MR do and why?

This MR refactors the EE merge request class so that it utilizes a concrete class of ::Gitlab::LicenseScanning::BaseScanner instead of directly looking for license scanning reports in a pipeline. This is being done as part of the work to switch license scanning from a report-based job to a database-oriented service as described in &9400 (closed). Removing the usage of Pipeline#license_scan_complete allows the implementation to change when we toggle the feature flag that will be added as part of #384935 (closed). This is the current implementation plan that we are following as part of the epic:

  • Create an abstract class that will be used as an interface for license scanning
  • Update the sites that reference license scanning reports to use new interface
    • License Compliance Page. See !105533 (merged)
    • License Compliance MR Widget. You are here 👈
    • Licenses Tab in Pipeline Page
    • Dependency List Page
  • Add feature flag so that interface switches implementation to SBoM based scanner. See &9400 (closed)

Currently, the implementation is focused on using the pipeline artifacts, but in the future it will require abstracting this even further by removing the requirement for a pipeline, as described in [DEBATED] License Scanning using SBOM component... (#387282). This change will be required to satisfy the requirement of fetching the SBoM components from the database instead of parsing the SBoM components from the latest pipeline on the default branch.

Closes #378086 (closed)

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Set up local project that has license scanning enabled
  2. Create a merge request that introduces a new license to the project
  3. Verify that the merge request widget displays the new license

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Oscar Tovar
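The shape of the refactor described in the MR (an abstract scanner interface, a report-based concrete class, an SBoM/database-based concrete class, and a feature flag that selects between them) together with the check the validation steps ask for (the widget showing a license that the MR introduces), as an added illustration that is not GitLab's code and not part of the MR. Every class, method and flag name here is an assumption: GitLab's real BaseScanner, its subclasses, its feature-flag helper and its report format are not reproduced. The pipeline artifact and SBoM component data are constructed inline as plain Hashes so the file runs offline.

```ruby
# Added illustration (not GitLab's code): an abstract license scanner with two
# concrete implementations, a feature-flag switch, and the "which licenses does
# this MR introduce" computation a license compliance widget needs.
# All names below are assumptions, not GitLab's real identifiers.

module LicenseScanning
  # Abstract interface. Call sites (MR widget, pipeline licenses tab,
  # dependency list) depend only on this and never on where the data lives.
  class BaseScanner
    def initialize(project, pipeline = nil)
      @project = project
      @pipeline = pipeline
    end

    # Returns a sorted, de-duplicated Array of license name strings.
    def licenses
      raise NotImplementedError, "#{self.class} must implement #licenses"
    end

    def has_data?
      !licenses.empty?
    end
  end

  # Report-based implementation: reads the license scanning job artifact
  # attached to a pipeline. Here the pipeline is a constructed Hash whose
  # :license_scanning_report mirrors a parsed JSON report.
  class ArtifactScanner < BaseScanner
    def licenses
      return [] unless @pipeline

      report = @pipeline.fetch(:license_scanning_report, nil)
      return [] unless report

      report.fetch("licenses", []).map { |l| l["name"] }.uniq.sort
    end
  end

  # Database-oriented implementation: derives licenses from stored SBoM
  # components on the project, so it needs no pipeline at all.
  class SbomScanner < BaseScanner
    def licenses
      @project.fetch(:sbom_components, []).flat_map { |c| c[:licenses] }.uniq.sort
    end
  end

  # Selects the concrete class. The flag name is hypothetical; `flags` stands
  # in for a per-project feature flag lookup.
  def self.scanner_for(project, pipeline, flags: {})
    klass = flags.fetch(:license_scanning_sbom_scanner, false) ? SbomScanner : ArtifactScanner
    klass.new(project, pipeline)
  end
end

# What the MR widget wants to show: licenses present in the source branch scan
# but absent from the target branch scan, i.e. licenses this MR introduces.
def new_licenses_in_merge_request(head_scanner, base_scanner)
  head_scanner.licenses - base_scanner.licenses
end

# Constructed sample data: the target branch only ships MIT code, the MR adds a
# GPL-3.0 dependency, and the project's stored SBoM knows about Apache-2.0.
def demo
  project = {
    sbom_components: [
      { name: "rails", licenses: ["MIT"] },
      { name: "some-lib", licenses: ["Apache-2.0"] }
    ]
  }
  base_pipeline = { license_scanning_report: { "licenses" => [{ "name" => "MIT" }] } }
  head_pipeline = { license_scanning_report: { "licenses" => [{ "name" => "MIT" }, { "name" => "GPL-3.0" }] } }

  head = LicenseScanning.scanner_for(project, head_pipeline)
  base = LicenseScanning.scanner_for(project, base_pipeline)
  new_licenses_in_merge_request(head, base)
end

puts "New licenses introduced by the MR: #{demo.inspect}" if __FILE__ == $PROGRAM_NAME
```

The point of the abstraction is visible in `scanner_for`: flipping the (hypothetical) flag swaps `ArtifactScanner` for `SbomScanner` and the widget code calling `new_licenses_in_merge_request` does not change, which is what removing the direct `Pipeline#license_scan_complete` dependency buys. Note that `SbomScanner` ignores the pipeline argument entirely, matching the later step of dropping the pipeline requirement.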
