Skip to content

Draft: Parse source_package_name for container component

Tetiana Chupryna requested to merge 427095-field-for-sbom-component into master

What does this MR do and why?

In order to properly match packages against advisories in the trivy-db for the source package different from initial package, we need to update the SBOM ingestion code in the rails monolith to also store the source package from the component.properties for trivy-produced SBOMs only.

Parse source_package_name for container component

Changelog: added

Screenshots or screen recordings

How to set up and validate locally

  1. Create a project with next content:

.gitlab-ci.yml

variables:
  CS_IMAGE: 'golang:1.20-alpine'

include:
  - template: Jobs/Container-Scanning.gitlab-ci.yml
  1. Run a pipeline and make sure that container_scanning:cyclonedx report is created

GDK

in Rails console run:

Sbom::Component.where(name: 'alpine-baselayout-data')

Check if the field source_package_name is equal alpine-baselayout.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #427095 (closed)

Auto-Summary 🤖

Discoto Usage

Points

Discussion points are declared by headings, list items, and single lines that start with the text (case-insensitive) point:. For example, the following are all valid points:

  • #### POINT: This is a point
  • * point: This is a point
  • + Point: This is a point
  • - pOINT: This is a point
  • point: This is a **point**

Note that any markdown used in the point text will also be propagated into the topic summaries.

Topics

Topics can be stand-alone and contained within an issuable (epic, issue, MR), or can be inline.

Inline topics are defined by creating a new thread (discussion) where the first line of the first comment is a heading that starts with (case-insensitive) topic:. For example, the following are all valid topics:

  • # Topic: Inline discussion topic 1
  • ## TOPIC: **{+A Green, bolded topic+}**
  • ### tOpIc: Another topic

Quick Actions

Action Description
/discuss sub-topic TITLE Create an issue for a sub-topic. Does not work in epics
/discuss link ISSUABLE-LINK Link an issuable as a child of this discussion

Last updated by this job

Discoto Settings 
---
summary:
  max_items: -1
  sort_by: created
  sort_direction: ascending

See the settings schema for details.

Edited by Tetiana Chupryna

Merge request reports