Add guard for when `sbom_occurrences` has no source
## What does this MR do and why?
Add guard for when `sbom_occurrences` has no source.

EE: true
Changelog: changed
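To illustrate the failure mode this MR addresses, here is an added example that is not GitLab's code: a minimal stand-in for an `sbom_occurrences` row whose `source` association may be nil, an unguarded accessor that raises on such a row, and a guarded accessor that falls back cleanly. The struct names, the `source_summary` helpers and the sample data are hypothetical and constructed for this illustration; GitLab's actual models and the exact guard in the MR are not shown on this page.

```ruby
# Added illustration (not GitLab's code): a minimal model of an SBOM occurrence
# whose `source` association may be nil, and a guard that tolerates it.
# Struct names and helper names are hypothetical.

# Constructed stand-in for the source record attached to an occurrence
# (for example the manifest file that declared the component).
SbomSource = Struct.new(:input_file_path, :package_manager, keyword_init: true)

# Constructed stand-in for a row in sbom_occurrences; `source` is optional,
# which is the case a container-scanning SBOM can produce.
SbomOccurrence = Struct.new(:component_name, :version, :source, keyword_init: true)

# Unguarded version: raises NoMethodError when `source` is nil, which takes
# down the whole dependency list render for the group.
def source_summary_unguarded(occurrence)
  "#{occurrence.component_name}@#{occurrence.version} (#{occurrence.source.input_file_path})"
end

# Guarded version: safe navigation on `source` plus an explicit fallback so a
# single source-less occurrence does not break the page.
def source_summary(occurrence)
  location = occurrence.source&.input_file_path || 'unknown source'
  "#{occurrence.component_name}@#{occurrence.version} (#{location})"
end

# Render a dependency list over occurrences with and without a source.
def dependency_list(occurrences)
  occurrences.map { |occ| source_summary(occ) }
end

# Constructed sample data: one occurrence with a source, one without.
SAMPLE_OCCURRENCES = [
  SbomOccurrence.new(component_name: 'rails', version: '7.0.4',
                     source: SbomSource.new(input_file_path: 'Gemfile.lock', package_manager: 'bundler')),
  SbomOccurrence.new(component_name: 'curl', version: '7.81.0', source: nil)
].freeze

if __FILE__ == $PROGRAM_NAME
  puts dependency_list(SAMPLE_OCCURRENCES)
  begin
    source_summary_unguarded(SAMPLE_OCCURRENCES.last)
  rescue NoMethodError => e
    puts "unguarded access failed: #{e.class}"
  end
end
```

Running the file prints both list entries, the second with the `unknown source` fallback, and then shows that the unguarded accessor raises on the same row. The point for reviewers is that the fallback must be explicit: `&.` alone would leave an empty location in the rendered string rather than a readable marker.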
## Screenshots or screen recordings

| Before | After |
|---|---|
| (screenshot not preserved) | (screenshot not preserved) |
## How to set up and validate locally

- Fetch the content of both branches: `add_guard_when_there_is_no_source`.
- Turn on the feature flag to make Dependency list appear in groups:

  ```shell
  echo "Feature.enable(:group_level_dependencies)" | rails c
  ```

- Create a project under a group with the following content:
  - `.gitlab-ci.yml`:

    ```yaml
    variables:
      CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5.4.0"
    include:
      - template: Security/Container-Scanning.gitlab-ci.yml
    container_scanning:
      artifacts:
        paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json, "**/gl-sbom-*.cdx.json"]
        reports:
          container_scanning: gl-container-scanning-report.json
          dependency_scanning: gl-dependency-scanning-report.json
          cyclonedx: "**/gl-sbom-*.cdx.json"
      variables:
        CS_IMAGE: webgoat/webgoat-8.0
    ```

- Run a pipeline for the default branch of the project above.
- Go to the group related to the project created above and click on the menu option Secure -> Dependency list.
## MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

- I have evaluated the MR acceptance checklist for this MR.
Edited by Zamir Martins