
Add location finder and endpoint

Zamir Martins requested to merge add_location_finder_and_endpoint into master

What does this MR do and why?

Add location finder and endpoint with search in order to support the frontend as per this design.

EE: true
Changelog: changed

Related issue: #409068 (closed)

Query plan

Link to query plan for one of the worst cases.

SELECT "sbom_occurrences".*
FROM "sbom_occurrences"
WHERE "sbom_occurrences"."source_id" IN (
  SELECT "sbom_sources"."id"
  FROM "sbom_sources"
  WHERE (source->'input_file'->>'path' ILIKE '%yarn%')
)
AND "sbom_occurrences"."component_id" = 216
AND "sbom_occurrences"."project_id" IN (
  SELECT "projects"."id"
  FROM "projects"
  WHERE "projects"."namespace_id" IN (
    SELECT namespaces.traversal_ids[array_length(namespaces.traversal_ids, 1)] AS id
    FROM "namespaces"
    WHERE "namespaces"."type" = 'Group' AND (traversal_ids @> ('{6543}'))
  )
)
LIMIT 50;
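An added example (not the MR's own code) of the check a reviewer would want on the search keyword that ends up inside the ILIKE '%yarn%' clause above: LIKE metacharacters in a user-supplied keyword must be escaped (as ActiveRecord's sanitize_sql_like does) so that a keyword such as % or _ cannot widen the match to every location in the group. The escaping helper and the offline ILIKE stand-in below are assumptions written for this example, not GitLab code.

```ruby
# Added example: why the `search` keyword must be escaped before it is
# wrapped in '%...%' for the ILIKE clause in the location query.

# Mirrors ActiveRecord's sanitize_sql_like (assumed behaviour): escape the
# escape character first, then the two LIKE wildcards, so that the keyword
# is matched literally.
def sanitize_like(keyword, escape_char = "\\")
  metachars = Regexp.union(escape_char, "%", "_")
  keyword.gsub(metachars) { |m| escape_char + m }
end

# Builds the ILIKE pattern the finder would bind as a query parameter.
def location_pattern(keyword, escape: true)
  term = escape ? sanitize_like(keyword) : keyword
  "%#{term}%"
end

# Offline stand-in for PostgreSQL ILIKE so the example runs without a
# database: `\` escapes the next character, `%` matches any run, `_` matches
# one character; the comparison is case-insensitive.
def ilike?(path, pattern)
  re = +""
  chars = pattern.chars
  i = 0
  while i < chars.size
    c = chars[i]
    if c == "\\" && i + 1 < chars.size
      i += 1
      re << Regexp.escape(chars[i])
    elsif c == "%"
      re << ".*"
    elsif c == "_"
      re << "."
    else
      re << Regexp.escape(c)
    end
    i += 1
  end
  path.match?(/\A#{re}\z/im)
end

# Constructed sample of sbom_sources input_file paths (not real data).
PATHS = %w[Gemfile.lock qa/Gemfile.lock yarn.lock app/package-lock.json].freeze

# Returns the paths the finder would select for a given keyword.
def matching_paths(keyword, escape: true)
  pattern = location_pattern(keyword, escape: escape)
  PATHS.select { |p| ilike?(p, pattern) }
end
```

With escaping, a keyword of "%" matches nothing, whereas interpolated unescaped it matches every path in the sample.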

How to set up and validate locally

  1. Fetch the branch: add_location_finder_and_endpoint.
  2. Turn on the feature flag that makes the Dependency list appear in groups:
     echo "Feature.enable(:group_level_dependencies)" | rails c
  3. Create one project under a group with the following content:
     • .gitlab-ci.yml:
       include:
         - template: Security/Dependency-Scanning.gitlab-ci.yml
  4. Run a pipeline for the default branch.
  5. Go to the group that contains the project created above and click the menu option Secure -> Dependency list.
  6. Request locations with a URL of the following format: http://<HOST>/groups/<GROUP_PATH>/-/dependencies/locations?search=<KEYWORD>&component_id=<COMPONENT_ID>.

Example of a valid response:

{
  "locations": [
    {
      "location": {
        "blob_path": "/top-level-group/subgroup-test/bottom-project-test/-/blob/0125c367eaf1bcb52ebbfbe09ecf2d1bdb5ceb3b/Gemfile.lock",
        "path": "Gemfile.lock"
      },
      "project": { "name": "bottom-project-test" }
    },
    {
      "location": {
        "blob_path": "/top-level-group/project-test/-/blob/a0742f530ccb6b7e0c58a93d6bb0b0e43e07a371/Gemfile.lock",
        "path": "Gemfile.lock"
      },
      "project": { "name": "project-test" }
    },
    {
      "location": {
        "blob_path": "/top-level-group/project-test/-/blob/a0742f530ccb6b7e0c58a93d6bb0b0e43e07a371/qa/Gemfile.lock",
        "path": "qa/Gemfile.lock"
      },
      "project": { "name": "project-test" }
    }
  ]
}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Zamir Martins
