Draft: Update software license services

What does this MR do and why?

Related to #441078

Update software license policies table

This MR updates the software_license_policies table to support the custom software license.

Changelog: changed
EE: true

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Enable the custom_software_license feature flag on the Rails console:
     Feature.enable(:custom_software_license)
  2. Create a new project
  3. Go to Secure > Policies
  4. Click New policy
  5. Select Merge request approval policy
  6. Create a policy with an existing and a new license:

Something like:

type: approval_policy
name: policy
description: ''
enabled: true
rules:
  - type: license_finding
    match_on_inclusion_license: true
    license_types:
      - 3dfx Glide License
      - New Custom License
    license_states:
      - newly_detected
    branch_type: default
actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
      - developer
  - type: send_bot_message
    enabled: true
approval_settings:
  block_branch_modification: true
  prevent_pushing_and_force_pushing: true
fallback_behavior:
  fail: closed

If you don't have any license in the license dropdown, follow this guide to add the SPDX licenses.

  7. Check if the new license was saved in the custom_software_license table:
     Security::CustomSoftwareLicense.last
     #<Security::CustomSoftwareLicense:0x000000016a1feb70 id: 1, project_id: 891, name: "New Custom License">
  8. Check the last 2 SoftwareLicensePolicy records:
     SoftwareLicensePolicy.last(2)

One should be linked to the existing software_license

=> [#<SoftwareLicensePolicy:0x0000000169dd8168
  id: 37997,
  project_id: 891,
  software_license_id: 177,
  classification: "denied",
  created_at: Mon, 03 Jun 2024 22:18:42.376382000 UTC +00:00,
  updated_at: Mon, 03 Jun 2024 22:18:42.376382000 UTC +00:00,
  scan_result_policy_id: 709,
  custom_software_license_id: nil>,

The other one should be linked to the new custom_software_license

 #<SoftwareLicensePolicy:0x0000000169dd8208
  id: 37998,
  project_id: 891,
  software_license_id: nil,
  classification: "denied",
  created_at: Mon, 03 Jun 2024 22:33:42.760331000 UTC +00:00,
  updated_at: Mon, 03 Jun 2024 22:33:42.760331000 UTC +00:00,
  scan_result_policy_id: 709,
  custom_software_license_id: 1>]
Edited by Marcos Rocha
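
The last two validation steps above can be expressed as one check: every license named in the policy should end up with a SoftwareLicensePolicy row linked through exactly one of software_license_id or custom_software_license_id. This is an added example in plain Ruby, not code from this MR or from GitLab; the `PolicyRow` struct, `check_license_links`, and the name-to-id maps are hypothetical, and the "exactly one link" rule is an assumption drawn from the expected output shown in the description.

```ruby
# Added example, not GitLab code. PolicyRow is a hypothetical stand-in for the
# SoftwareLicensePolicy rows printed in the console output.
PolicyRow = Struct.new(:id, :project_id, :software_license_id,
                       :custom_software_license_id, keyword_init: true)

# Returns a list of problems; an empty list means the rows look as described.
# known:  { license name => software_license id }         (assumed catalogue)
# custom: { license name => custom_software_license id }  (assumed, per project)
def check_license_links(license_types, rows, known:, custom:)
  problems = []
  # Assumption: each row points at exactly one kind of license record.
  rows.each do |r|
    linked = [r.software_license_id, r.custom_software_license_id].compact
    problems << "row #{r.id}: expected exactly one license link, got #{linked.size}" unless linked.size == 1
  end
  # Each license named in the policy must be covered by a correctly linked row.
  license_types.each do |name|
    if known.key?(name)
      hit = rows.any? { |r| r.software_license_id == known[name] && r.custom_software_license_id.nil? }
      problems << "#{name}: no row linked to software_license #{known[name]}" unless hit
    elsif custom.key?(name)
      hit = rows.any? { |r| r.custom_software_license_id == custom[name] && r.software_license_id.nil? }
      problems << "#{name}: no row linked to custom_software_license #{custom[name]}" unless hit
    else
      problems << "#{name}: not in catalogue and no custom license record"
    end
  end
  problems
end

# Ids copied from the console output in the description; which license name
# maps to which id is an assumption made for this example.
LICENSE_TYPES = ["3dfx Glide License", "New Custom License"].freeze
KNOWN  = { "3dfx Glide License" => 177 }.freeze
CUSTOM = { "New Custom License" => 1 }.freeze
ROWS = [
  PolicyRow.new(id: 37997, project_id: 891, software_license_id: 177, custom_software_license_id: nil),
  PolicyRow.new(id: 37998, project_id: 891, software_license_id: nil, custom_software_license_id: 1)
].freeze

puts check_license_links(LICENSE_TYPES, ROWS, known: KNOWN, custom: CUSTOM).inspect
```
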