Group sbom occurrences by component_id
What does this MR do and why?
Describe in detail what your merge request does and why.
Group sbom occurrences by component_id in order to aggregate project_ids and occurrence_ids.
Changelog: changed EE: true
Related issue: #408849 (closed)
Query plan
| Query | Sort | Filter | Plan |
|---|---|---|---|
| Prior to this change | https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/19557/commands/64138 | ||
| Prior to this change | https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/19558/commands/64139 | ||
| Prior to this change | https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/19614/commands/64172 | ||
| After this change | https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/19629/commands/64419 | ||
| After this change | https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/19629/commands/64232 | ||
| After this change | https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/19629/commands/64429 |
** Note that joe-instances have been unstable for the past two days so the timing isn't as consistent as usual.
How to set up and validate locally
- Fetch branch
group_sbom_occurrences_by_component_id - Enable feature flag
group_level_dependencies - In a group where there is at least one project with dependencies.
- Query the dependency data with the endpoint:
http://<HOST>/groups/<GROUP_PATH>/-/dependencies.json
Expectation: project_count and occurrence_count should be populated as integers for each dependency.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Zamir Martins