Add location finder and endpoint
What does this MR do and why?
Add location finder and endpoint with search in order to support the frontend as per this design.
EE: true Changelog: changed
Related issue: #409068 (closed)
Query plan
Link to query plan for one of the worst cases.
```sql
SELECT "sbom_occurrences".*
FROM "sbom_occurrences"
WHERE "sbom_occurrences"."source_id" IN (
    SELECT "sbom_sources"."id"
    FROM "sbom_sources"
    WHERE (source->'input_file'->>'path' ILIKE '%yarn%')
  )
  AND "sbom_occurrences"."component_id" = 216
  AND "sbom_occurrences"."project_id" IN (
    SELECT "projects"."id"
    FROM "projects"
    WHERE "projects"."namespace_id" IN (
      SELECT namespaces.traversal_ids[array_length(namespaces.traversal_ids, 1)] AS id
      FROM "namespaces"
      WHERE "namespaces"."type" = 'Group' AND (traversal_ids @> ('{6543}'))
    )
  )
LIMIT 50;
```
How to set up and validate locally
- Fetch the branch: `add_location_finder_and_endpoint`.
- Turn on the feature flag to make `Dependency list` appear in groups: `echo "Feature.enable(:group_level_dependencies)" | rails c`
- Create one project under a group with the following content:
  - `.gitlab-ci.yml`:
    ```yaml
    include:
      - template: Security/Dependency-Scanning.gitlab-ci.yml
    ```
  - `Gemfile.lock`: with this content
- Run a pipeline for the default branch
- Go to the group related to the project created above and click on the menu option Secure -> Dependency list
- Browse locations with the following format: `http://<HOST>/groups/<GROUP_PATH>/-/dependencies/locations?search=<KEYWORD>&component_id=<COMPONENT_ID>`.
Example of a valid response:
```json
{
  "locations": [
    {
      "location": {
        "blob_path": "/top-level-group/subgroup-test/bottom-project-test/-/blob/0125c367eaf1bcb52ebbfbe09ecf2d1bdb5ceb3b/Gemfile.lock",
        "path": "Gemfile.lock"
      },
      "project": { "name": "bottom-project-test" }
    },
    {
      "location": {
        "blob_path": "/top-level-group/project-test/-/blob/a0742f530ccb6b7e0c58a93d6bb0b0e43e07a371/Gemfile.lock",
        "path": "Gemfile.lock"
      },
      "project": { "name": "project-test" }
    },
    {
      "location": {
        "blob_path": "/top-level-group/project-test/-/blob/a0742f530ccb6b7e0c58a93d6bb0b0e43e07a371/qa/Gemfile.lock",
        "path": "qa/Gemfile.lock"
      },
      "project": { "name": "project-test" }
    }
  ]
}
```
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Zamir Martins
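
The query plan above matches the `search` keyword against the input-file path with `ILIKE '%yarn%'`. The following Ruby is an added example, not code from this merge request: it shows how escaping `%`, `_` and `\` keeps a user-supplied keyword literal inside such a pattern (the same idea as Rails' `sanitize_sql_like`). The helper names `escape_like`, `contains_pattern`, `ilike?` and `search` are hypothetical, and the sample paths are constructed.

```ruby
# Added example, not code from the merge request; all helper names are hypothetical.
ESCAPE = "\\" # PostgreSQL's default LIKE escape character

# Escape LIKE metacharacters so the keyword is matched literally.
def escape_like(keyword, escape = ESCAPE)
  keyword.gsub(Regexp.union(escape, "%", "_")) { |ch| escape + ch }
end

# Build the "contains" pattern for a predicate such as: path ILIKE ?
def contains_pattern(keyword)
  "%#{escape_like(keyword)}%"
end

# Small offline stand-in for ILIKE: translate the pattern into a Regexp.
def ilike?(value, pattern, escape = ESCAPE)
  source = +""
  chars = pattern.each_char
  loop do # ends when the enumerator is exhausted (StopIteration)
    ch = chars.next
    source << case ch
              when escape then Regexp.escape(chars.next)
              when "%" then ".*"
              when "_" then "."
              else Regexp.escape(ch)
              end
  end
  Regexp.new("\\A#{source}\\z", Regexp::IGNORECASE | Regexp::MULTILINE).match?(value)
end

# Constructed sample of input-file paths.
PATHS = ["Gemfile.lock", "qa/Gemfile.lock", "yarn.lock", "my_app/yarn.lock"].freeze

# Run a keyword search over PATHS, with or without escaping the keyword.
def search(keyword, escape: true)
  pattern = escape ? contains_pattern(keyword) : "%#{keyword}%"
  PATHS.select { |path| ilike?(path, pattern) }
end

if __FILE__ == $PROGRAM_NAME
  p search("yarn")
  p search("_", escape: false)
  p search("_")
  p search("%")
end
```

Without escaping, a keyword of `_` or `%` acts as a wildcard and matches every path; with escaping it matches only paths that contain that literal character.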