Draft: Add search for dependency locations
What does this MR do and why?
Add search for dependency locations
EE: true Changelog: changed
Related issue: #409068 (closed)
Screenshots or screen recordings
Query plan
Link to query plan for one of the worst cases.
SELECT "sbom_occurrences".*
FROM "sbom_occurrences"
WHERE "sbom_occurrences"."source_id" IN (
SELECT "sbom_sources"."id"
FROM "sbom_sources"
WHERE (source->'input_file'->>'path' ILIKE '%yarn%')
)
AND "sbom_occurrences"."component_id" = 216
AND "sbom_occurrences"."project_id" IN (
SELECT "projects"."id"
FROM "projects"
WHERE "projects"."namespace_id" IN (
SELECT namespaces.traversal_ids[array_length(namespaces.traversal_ids, 1)] AS id
FROM "namespaces"
WHERE "namespaces"."type" = 'Group' AND (traversal_ids @> ('{6543}'))
)
)
LIMIT 50;
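The filter above matches the user-supplied search term against `source->'input_file'->>'path'` with `ILIKE '%term%'`. The added example below (not code from the MR or from GitLab) shows the one caveat a reviewer would check for such a filter: the term must have its `%`, `_` and `\` escaped before being wrapped in wildcards, otherwise a search for `e_l` would also match `Gemfile.lock`. The escaping mirrors ActiveRecord's `sanitize_sql_like`; the ILIKE emulation and the sample paths are constructed here so the behaviour can be reproduced without a database.

```ruby
# Added example, not the MR's code: build the '%term%' ILIKE pattern with
# wildcard escaping and emulate ILIKE locally over constructed paths.

# Same algorithm as ActiveRecord's sanitize_sql_like (assumption: default
# backslash escape character): escape the escape char itself, then % and _.
def escape_like(term, escape = "\\")
  term.gsub(Regexp.union(escape, "%", "_")) { |x| [escape, x].join }
end

def location_pattern(term)
  "%#{escape_like(term)}%"
end

# Translate a LIKE pattern into a case-insensitive Regexp so ILIKE semantics
# can be reproduced in plain Ruby: % -> .*, _ -> ., "\x" -> literal x.
def like_to_regexp(pattern)
  out = +""
  chars = pattern.chars
  i = 0
  while i < chars.length
    c = chars[i]
    if c == "\\" && i + 1 < chars.length
      out << Regexp.escape(chars[i + 1])
      i += 2
      next
    end
    out << case c
           when "%" then ".*"
           when "_" then "."
           else Regexp.escape(c)
           end
    i += 1
  end
  Regexp.new("\\A#{out}\\z", Regexp::IGNORECASE)
end

# Return the input-file paths whose location matches the escaped search term.
def search_locations(paths, term)
  re = like_to_regexp(location_pattern(term))
  paths.select { |p| re.match?(p) }
end

# Constructed sample of sbom_sources input_file paths (not real data).
SAMPLE_PATHS = ["yarn.lock", "frontend/Yarn.lock", "Gemfile.lock",
                "package_lock.json", "yarn.lock.bak"].freeze

if __FILE__ == $0
  p search_locations(SAMPLE_PATHS, "yarn") # case-insensitive substring match
  p search_locations(SAMPLE_PATHS, "e_l")  # "_" is literal, Gemfile.lock excluded
end
```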
How to set up and validate locally
- Fetch the content of both branches: add_search_for_project_component.
- Turn on the feature flag to make the Dependency list appear in groups:
  echo "Feature.enable(:group_level_dependencies)" | rails c
- Create two projects under a group with the following content:
  - .gitlab-ci.yml:
    include:
      - template: Security/Dependency-Scanning.gitlab-ci.yml
  - Gemfile.lock: with this content
- Run a pipeline for the default branch of both projects.
- Go to the group the projects were created under and click the menu option Secure -> Dependency list.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Zamir Martins