Draft: Add search for dependency locations (!126231) · Merge requests · GitLab.org / GitLab

Zamir Martins requested to merge add_search_for_locations into master Jul 12, 2023

What does this MR do and why?

Add search for dependency locations

EE: true Changelog: changed

Screenshots or screen recordings

Query plan

Link to query plan for one of the worst cases.

SELECT "sbom_occurrences".*
FROM "sbom_occurrences"
WHERE "sbom_occurrences"."source_id" IN (
  SELECT "sbom_sources"."id"
  FROM "sbom_sources"
  WHERE (source->'input_file'->>'path' ILIKE '%yarn%')
)
AND "sbom_occurrences"."component_id" = 216
AND "sbom_occurrences"."project_id" IN (
  SELECT "projects"."id"
  FROM "projects"
  WHERE "projects"."namespace_id" IN (
    SELECT namespaces.traversal_ids[array_length(namespaces.traversal_ids, 1)] AS id
    FROM "namespaces"
    WHERE "namespaces"."type" = 'Group' AND (traversal_ids @> ('{6543}'))
  )
)
LIMIT 50;

How to set up and validate locally

Fetch the content of both branches: add_search_for_project_component .
Turn on the feature flag to make Dependency list appear in groups:

echo "Feature.enable(:group_level_dependencies)" | rails c

Create two projects under a group with the following content:

.gitlab-ci.yml:

include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml

Gemfile.lock: with this content

Run a pipeline for the default branch to both projects
Go group related to the projects created above and click on the menu option Secure -> Dependency list

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jul 14, 2023 by Zamir Martins

Draft: Add search for dependency locations

What does this MR do and why?

Screenshots or screen recordings

Query plan

How to set up and validate locally

MR acceptance checklist

Merge request reports