
Add guard for when `sbom_occurrences` has no source

Zamir Martins requested to merge add_guard_when_there_is_no_source into master

What does this MR do and why?

Add guard for when sbom_occurrences has no source.

EE: true
Changelog: changed

Screenshots or screen recordings

Before: Screenshot_2023-07-21_at_18.19.28
After: Screenshot_2023-07-21_at_18.02.17

How to set up and validate locally

  1. Fetch the content of both branches: `add_guard_when_there_is_no_source`.
  2. Turn on the feature flag to make the Dependency list appear in groups:

```shell
echo "Feature.enable(:group_level_dependencies)" | rails c
```

  3. Create a project under a group with the following content:
  • `.gitlab-ci.yml`:

```yaml
variables:
  CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5.4.0"

include:
  - template: Security/Container-Scanning.gitlab-ci.yml

container_scanning:
  artifacts:
    paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json, "**/gl-sbom-*.cdx.json"]
    reports:
      container_scanning: gl-container-scanning-report.json
      dependency_scanning: gl-dependency-scanning-report.json
      cyclonedx: "**/gl-sbom-*.cdx.json"
  variables:
    CS_IMAGE: webgoat/webgoat-8.0
```

  4. Run a pipeline for the default branch of the project above.
  5. Go to the group related to the project created above and click on the menu option Secure -> Dependency list.
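As an added illustration of what the guard in the MR title is for, the block below models the failure mode (an SBOM occurrence whose source is nil, as can happen when the SBOM carries no location metadata) and contrasts an unguarded row builder with a guarded one. This is example code written for this page, not the MR's diff or GitLab's own models: the `Source`/`Occurrence` structs, the attribute names `input_file_path` and `package_manager`, and the sample components are all hypothetical placeholders.

```ruby
# Added illustration, not GitLab's own code. Models the failure the MR title
# describes (an SBOM occurrence whose source is nil) and a guarded renderer.
# All class and attribute names here are hypothetical placeholders; the real
# Sbom::Occurrence / Sbom::Source models and their serializers differ.

Source = Struct.new(:input_file_path, :package_manager, keyword_init: true)
Occurrence = Struct.new(:component_name, :component_version, :source, keyword_init: true)

# Constructed sample data: one occurrence with a source and one without,
# e.g. an SBOM whose metadata carried no file location.
SAMPLE_OCCURRENCES = [
  Occurrence.new(component_name: "log4j-core", component_version: "2.14.1",
                 source: Source.new(input_file_path: "pom.xml", package_manager: "maven")),
  Occurrence.new(component_name: "jackson-databind", component_version: "2.9.8",
                 source: nil)
].freeze

# Unguarded row builder: dereferences `source` unconditionally, so a nil
# source raises NoMethodError and the whole list request fails.
def dependency_row_unguarded(occurrence)
  {
    name: occurrence.component_name,
    version: occurrence.component_version,
    location: { path: occurrence.source.input_file_path },
    package_manager: occurrence.source.package_manager
  }
end

# Guarded row builder: a missing source yields nil location/package manager
# instead of an exception, so the remaining rows still render.
def dependency_row(occurrence)
  source = occurrence.source
  {
    name: occurrence.component_name,
    version: occurrence.component_version,
    location: source ? { path: source.input_file_path } : nil,
    package_manager: source&.package_manager
  }
end

def dependency_rows(occurrences)
  occurrences.map { |occurrence| dependency_row(occurrence) }
end

# Returns true when the unguarded builder raises on the given occurrences;
# used to show the before/after difference on the sample above.
def unguarded_fails?(occurrences)
  occurrences.each { |occurrence| dependency_row_unguarded(occurrence) }
  false
rescue NoMethodError
  true
end

if __FILE__ == $PROGRAM_NAME
  puts "unguarded raises: #{unguarded_fails?(SAMPLE_OCCURRENCES)}"
  dependency_rows(SAMPLE_OCCURRENCES).each { |row| p row }
end
```

The point of the guard is that one occurrence with missing source metadata should degrade to an empty location cell rather than turn the whole group-level Dependency list into an error, which is the before/after difference the screenshots above are meant to show.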

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Zamir Martins
