Add project level filter for dependency list
What does this MR do and why?
Add project level filter for dependency list
As part of the Epic GitLab Container Registry: Continuous Vulnerability Scanning, a new `source_type`, `container_scanning_for_registry`, has been added to `SBOM::Occurrence` (Dependency). This MR adds a default filter to the GraphQL endpoint so that the API returns a dependency list from which records created with the newly introduced `source_type` are excluded, keeping them off the GitLab Dependency List page.
Notes:
- To preserve the existing behaviour, the endpoint applies a default filter.
- A GraphQL enum does not accept `nil` as a value, so the `nil_source` string is used to identify sources that are `nil`.
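The following is an added illustration, not code from this MR or from GitLab, of how a `nil_source` sentinel lets an enum-only filter select occurrences whose source is `NULL` alongside real source types, and how the same filter maps onto the `IN (...) OR IS NULL` predicate seen in the query below. The enum integers, the default set and the sample occurrences are assumptions constructed for the example.

```ruby
# Added example (not GitLab's code). Enum values below are assumed; GitLab's
# real Sbom source_type integers may differ.
NIL_SOURCE = 'nil_source'
SOURCE_TYPES = {
  'dependency_scanning' => 0,
  'container_scanning' => 1,
  'container_scanning_for_registry' => 2
}.freeze

# Default mirrors the MR's intent: every source except the new registry type,
# plus occurrences whose source row is absent (the nil_source sentinel).
DEFAULT_SOURCE_TYPES = ((SOURCE_TYPES.keys - ['container_scanning_for_registry']) + [NIL_SOURCE]).freeze

# Resolve enum names to integers and detect the nil sentinel; reject unknown names
# so a caller cannot smuggle arbitrary strings into the predicate.
def resolve_source_types(source_types)
  types = (source_types.nil? || source_types.empty?) ? DEFAULT_SOURCE_TYPES : source_types
  unknown = types - SOURCE_TYPES.keys - [NIL_SOURCE]
  raise ArgumentError, "unknown source types: #{unknown.join(', ')}" unless unknown.empty?
  ints = types.reject { |t| t == NIL_SOURCE }.map { |t| SOURCE_TYPES.fetch(t) }
  [ints, types.include?(NIL_SOURCE)]
end

# SQL predicate equivalent to the EXPLAIN output: only integers are interpolated,
# and IS NULL covers occurrences with no matching sbom_sources row (LEFT OUTER JOIN).
def source_type_where_clause(source_types)
  ints, include_nil = resolve_source_types(source_types)
  parts = []
  parts << %("sbom_sources"."source_type" IN (#{ints.join(', ')})) unless ints.empty?
  parts << %("sbom_sources"."source_type" IS NULL) if include_nil
  parts.empty? ? 'FALSE' : "(#{parts.join(' OR ')})"
end

# In-memory version of the same filter over constructed occurrence hashes.
def filter_by_source_types(occurrences, source_types)
  ints, include_nil = resolve_source_types(source_types)
  occurrences.select do |occ|
    st = occ[:source_type]
    st.nil? ? include_nil : ints.include?(st)
  end
end

# Constructed sample data: one occurrence per source type plus one with no source row.
SAMPLE_OCCURRENCES = [
  { name: 'rails', source_type: 0 },
  { name: 'libssl', source_type: 1 },
  { name: 'curl', source_type: 2 },              # container_scanning_for_registry
  { name: 'sbom-only-dep', source_type: nil }    # no sbom_sources row
].freeze
```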
DB query

Query

```
@collection.filter_by_source_types(params[:source_types]).explain
=> EXPLAIN for: SELECT "sbom_occurrences".* FROM "sbom_occurrences" LEFT OUTER JOIN "sbom_sources" ON "sbom_sources"."id" = "sbom_occurrences"."source_id" WHERE "sbom_occurrences"."project_id" = 1036 AND ("sbom_sources"."source_type" = 1 OR "sbom_sources"."source_type" IS NULL) /*application:test,correlation_id:dbd0a59059d3819efa325c8b78d06ddc,db_config_name:main,line:(pry):2:in `filter_by_source_types'*/
                                                                    QUERY PLAN
Nested Loop Left Join  (cost=0.29..4.33 rows=1 width=319)
  Filter: ((sbom_sources.source_type = 1) OR (sbom_sources.source_type IS NULL))
  ->  Index Scan using idx_sbom_occurrences_on_project_id_and_source_id on sbom_occurrences  (cost=0.14..2.16 rows=1 width=319)
        Index Cond: (project_id = 1036)
  ->  Index Scan using sbom_sources_pkey on sbom_sources  (cost=0.14..2.16 rows=1 width=10)
        Index Cond: (id = sbom_occurrences.source_id)
(6 rows)
```

https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28273/commands/88245
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally

- Create a project with the following sbom
- Create the project with the following yml:

```yaml
stages:
  - build

manual-sbom-upload:
  stage: build
  script:
    - echo "hello, world!"
  artifacts:
    paths:
      - "**/gl-sbom-*.cdx.json"
    reports:
      cyclonedx: "**/gl-sbom-*.cdx.json"
```

- Visit the dependency list page and ensure that no dependencies are displayed. Switching to the master branch of the same project will then show the dependencies.