Add cargo purl_type to package_metadata sync (!155751) · Merge requests · GitLab.org / GitLab

Igor Frenkel requested to merge 456283-enable-pm-sync-for-cargo into master Jun 07, 2024

What does this MR do and why?

This change allows a GitLab instance to pull in cargo package metadata for use in identifying licenses for projects with cargo dependencies.

This MR first of 2:

Add cargo as valid type to sbom functionality and package_metadata sync 👈 this MR.
Add cargo to enabled instance purl_types so that package_metadata for this can be ingested: Add cargo purl_type to application setting (!156072 - merged) • Igor Frenkel • 17.2

How to set up and validate locally

In rails console:

puts PackageMetadata::Package.where(purl_type: :cargo).count # 0

Enable the type via application settings.

ap = ApplicationSetting.last
ap.package_metadata_purl_types = [14]
ap.save

Run sync.

lease = Gitlab::ExclusiveLease.new("sync-licenses", timeout: 5.minute); lease.try_obtain
PackageMetadata::SyncService.execute(data_type: 'licenses', lease: lease)

puts PackageMetadata::Package.where(purl_type: :cargo).count # ~15k

Edited Jun 11, 2024 by Igor Frenkel

Add cargo purl_type to package_metadata sync

What does this MR do and why?

How to set up and validate locally

Merge request reports