Skip to content

Hide SBOM pipeline status if no ID

Mehmet Emin INAC requested to merge minac_fix_sbom_pipeline_status_on_vulnerability_report into master

What does this MR do and why?

The pipeline status component on the vulnerability report page always displays SBOM pipeline information even if there is no pipeline.

Related to Update Vuln Dashboard UI to include SBOM pipeli... (!128256 - merged)

Screenshots or screen recordings

Before After
Screenshot_2023-08-28_at_14.39.38 Screenshot_2023-08-28_at_14.40.03

Validation

Prerequisites

  1. You need an EE license
  2. You need to have runners enabled (See $2408961 for setting up a runner)

Mock no SBOM pipeline

  1. Import https://gitlab.com/gitlab-examples/security/security-reports
  2. Edit file .gitlab-ci.yml and remove
include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  1. Run change on main and this should start a pipeline
  2. when pipeline is done, check vulnerability report and validate it does not show any SBOM pipeline status

With SBOM pipeline

  1. Add the removed lines again from .gitlab-ci.yml, run new pipeline and SBOM status is shown

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Lorenz van Herwaarden

Merge request reports