Update container registry vuln tab report type
What does this MR do and why?
Issue: #463608 (closed)
Update container registry vuln tab report type
- Update report type to scope to container for registry feature
Complements the backend MR !152045 (merged)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
- Enable FF `:container_scanning_for_registry`
- Import existing project.

or manually:

- Create a project with the following sbom
- Create project with following yml
```yaml
stages:
  - build

manual-sbom-upload:
  stage: build
  script:
    - echo "hello, world!"
  artifacts:
    paths:
      - "**/gl-sbom-*.cdx.json"
    reports:
      cyclonedx: "**/gl-sbom-*.cdx.json"
```
Remaining verification steps
- Visit the dependency list page and ensure that no dependencies are displayed. Switching to the master branch of the same project will then show the dependencies.
- Create a vulnerability. You can use the following code to create a vulnerability:

```ruby
# Use the most recently created SBOM occurrence as the affected component.
occurrence = Sbom::Occurrence.last
affected_components = [Gitlab::VulnerabilityScanning::PossiblyAffectedComponent.from_sbom_occurrence(occurrence)]
# Build a test advisory from the factory and create a vulnerability for it.
advisory = FactoryBot.build(:vs_advisory)
response = ::Security::VulnerabilityScanning::CreateVulnerabilityService.execute(
  advisory: advisory, affected_components: affected_components
)
```

- Go to Secure > Vulnerability report page and a new tab should appear.
Related to #460427 (closed)