
Ingest software licenses into SBOM occurrences

mo khan requested to merge mokhax/422084/ingest-sbom_occurrences-licenses into master

What does this MR do and why?

This change updates the SBOM ingestion to record the software licenses associated with each component. It introduces an additional SQL query when ingesting an SBoM report, 10 components at a time.

SELECT
  "pm_packages".*
FROM
  "pm_packages"
WHERE ("pm_packages"."purl_type", "pm_packages"."name") IN (
  (3, 'actioncable'),
  (3, 'actionmailer'),
  (3, 'actiontext'),
  (3, 'actionview'),
  (3, 'activejob'),
  (3, 'activemodel'),
  (3, 'activerecord'),
  (3, 'activestorage'),
  (3, 'activesupport'),
  (3, 'zeitwerk')
);

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/21712/commands/70508

#422084 (closed)


MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by mo khan
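To make the batching concrete, here is an added example (not code from this MR or from the GitLab code base) of the lookup pattern the query above performs: SBOM components are de-duplicated, split into batches of 10, and each batch is resolved against `pm_packages` with a single row-value `IN` query built from bound placeholders, so untrusted component names from the report never reach the SQL text. It assumes a `pm_packages` table with columns `id`, `purl_type`, `name` and `licenses`, uses `3` as the `purl_type` value for gems as in the query above, and runs against an in-memory SQLite database with constructed rows and constructed license values; SQLite takes the row list as a `VALUES` subquery where PostgreSQL accepts the bare tuple list.

```python
import sqlite3

BATCH_SIZE = 10          # the MR resolves 10 components per query
PURL_TYPE_GEM = 3        # assumption: the purl_type enum value the query uses for gems

# Constructed sample rows standing in for pm_packages
# (assumed columns: id, purl_type, name, licenses; license values are made up).
SAMPLE_PACKAGES = [
    (1, PURL_TYPE_GEM, "actioncable", "MIT"),
    (2, PURL_TYPE_GEM, "actionmailer", "MIT"),
    (3, PURL_TYPE_GEM, "actiontext", "MIT"),
    (4, PURL_TYPE_GEM, "actionview", "MIT"),
    (5, PURL_TYPE_GEM, "activejob", "MIT"),
    (6, PURL_TYPE_GEM, "activemodel", "MIT"),
    (7, PURL_TYPE_GEM, "activerecord", "MIT"),
    (8, PURL_TYPE_GEM, "activestorage", "MIT"),
    (9, PURL_TYPE_GEM, "activesupport", "MIT"),
    (10, PURL_TYPE_GEM, "zeitwerk", "MIT"),
    (11, PURL_TYPE_GEM, "nokogiri", "MIT"),
]


def open_sample_db():
    """Create an in-memory table shaped like the assumed pm_packages schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE pm_packages ("
        "id INTEGER PRIMARY KEY, purl_type INTEGER NOT NULL, "
        "name TEXT NOT NULL, licenses TEXT)"
    )
    conn.executemany("INSERT INTO pm_packages VALUES (?, ?, ?, ?)", SAMPLE_PACKAGES)
    return conn


def batched(items, size):
    """Yield consecutive slices of at most `size` items."""
    items = list(items)
    for start in range(0, len(items), size):
        yield items[start:start + size]


def lookup_licenses(conn, components, batch_size=BATCH_SIZE):
    """Resolve (purl_type, name) pairs to license strings, `batch_size` pairs per query.

    Returns (found, missing, query_count). Component names come from an
    untrusted SBOM, so they are bound as parameters; only the "(?, ?)"
    placeholder pattern is interpolated into the SQL text.
    """
    unique = list(dict.fromkeys(components))  # drop duplicate components, keep order
    found = {}
    queries = 0
    for batch in batched(unique, batch_size):
        placeholders = ", ".join("(?, ?)" for _ in batch)
        params = [value for pair in batch for value in pair]
        sql = (
            "SELECT purl_type, name, licenses FROM pm_packages "
            f"WHERE (purl_type, name) IN (VALUES {placeholders})"
        )
        for purl_type, name, licenses in conn.execute(sql, params):
            found[(purl_type, name)] = licenses
        queries += 1
    # Components absent from pm_packages are reported, not silently dropped.
    missing = [component for component in unique if component not in found]
    return found, missing, queries


def demo_components():
    """Constructed SBOM component list: the 10 gems from the MR's query, one more
    known gem, one unknown gem, and a duplicate entry."""
    names = [
        "actioncable", "actionmailer", "actiontext", "actionview", "activejob",
        "activemodel", "activerecord", "activestorage", "activesupport",
        "zeitwerk", "nokogiri", "not-a-real-gem", "zeitwerk",
    ]
    return [(PURL_TYPE_GEM, name) for name in names]


def run_demo():
    conn = open_sample_db()
    return lookup_licenses(conn, demo_components())


if __name__ == "__main__":
    found, missing, queries = run_demo()
    print(f"{queries} queries, {len(found)} resolved, {len(missing)} missing: {missing}")
```

With 13 listed components (12 after de-duplication) this issues two queries: one for the first 10 pairs and one for the remaining two. The single unresolved component surfaces in `missing`, which is the case an ingestion job has to decide about explicitly rather than treating "no row" as "no license".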
