Add custom license to license widget
What does this MR do and why?
Add custom license to license widget
Related to #478519
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Enable the `custom_software_license` and `license_scanning_with_sbom_licenses` feature flags on the rails console:

  ```ruby
  Feature.enable(:custom_software_license)
  Feature.enable(:license_scanning_with_sbom_licenses)
  ```
- Create a new project
- Go to Secure > Policies
- Click New policy
- Select Merge request approval policy
- Create a policy like the following (it requires one developer approval whenever a dependency with the `Custom-License` license is detected on a protected branch):

  ```yaml
  type: approval_policy
  name: test custom license
  description: ''
  enabled: true
  rules:
    - type: license_finding
      match_on_inclusion_license: true
      license_types:
        - Custom-License
      license_states:
        - detected
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - developer
    - type: send_bot_message
      enabled: true
  approval_settings:
    block_branch_modification: false
    prevent_pushing_and_force_pushing: false
    prevent_approval_by_author: false
    prevent_approval_by_commit_author: false
    remove_approvals_with_new_commit: false
    require_password_to_approve: false
  fallback_behavior:
    fail: closed
  ```
- Add a `.gitlab-ci.yml` with the content below (the `script` override skips the real scan, so the committed SBOM file from the next step is uploaded as the CycloneDX report):

  ```yaml
  include:
    - template: Jobs/Dependency-Scanning.gitlab-ci.yml

  gemnasium-dependency_scanning:
    stage: test
    script: 'pwd'
    artifacts:
      reports:
        cyclonedx: gl-sbom-gem-bundler.cdx.json
  ```
- Add an empty Gemfile.lock file
- Add a file called `gl-sbom-gem-bundler.cdx.json` with the content (note the component's license carries only a free-form `name`, not an SPDX `id`):

  ```json
  {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "serialNumber": "urn:uuid:a15e529c-2113-4a11-a694-6bc3ea4e2b53",
    "version": 1,
    "metadata": {
      "timestamp": "2022-02-23T08:02:39Z",
      "tools": [
        {
          "vendor": "GitLab",
          "name": "Gemnasium",
          "version": "2.34.0"
        }
      ],
      "authors": [
        {
          "name": "GitLab",
          "email": "support@gitlab.com"
        }
      ],
      "properties": [
        {
          "name": "gitlab:dependency_scanning:input_file:path",
          "value": "Gemfile.lock"
        },
        {
          "name": "gitlab:dependency_scanning:package_manager:name",
          "value": "bundler"
        },
        {
          "name": "gitlab:meta:schema_version",
          "value": "1"
        }
      ]
    },
    "components": [
      {
        "name": "sidekiq",
        "version": "4.2.10",
        "purl": "pkg:gem/sidekiq@4.2.10",
        "type": "library",
        "bom-ref": "pkg:gem/sidekiq@4.2.10",
        "licenses": [
          {
            "license": {
              "name": "Custom-License"
            }
          }
        ]
      }
    ]
  }
  ```
- Run a pipeline
- Verify the new license in the licenses tab
- Click Manage Licenses and verify the dependency has the new license
- Create a new merge request
- Verify the MR is blocked and requires approval
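To check, before running the pipeline, which SBOM components the policy above will trip on, here is an added stand-alone approximation of the `license_finding` evaluation (example code written for this page, not GitLab's implementation). It assumes the policy semantics that `match_on_inclusion_license: true` matches any component carrying a listed license and `false` matches any component carrying a license outside the list; it reads custom licenses from `license.name`, SPDX licenses from `license.id`, and also accepts CycloneDX `expression` entries. The policy and SBOM below are constructed samples in the same shape as the ones in the steps above, with two extra components added to show the non-matching and unlicensed cases.

```ruby
require "json"
require "yaml"

# Added example, not GitLab code: approximates how a license_finding rule in a
# merge request approval policy is evaluated against a CycloneDX SBOM.

# Constructed policy, same shape as the one in the validation steps.
POLICY_YAML = <<~YAML
  type: approval_policy
  name: test custom license
  enabled: true
  rules:
    - type: license_finding
      match_on_inclusion_license: true
      license_types:
        - Custom-License
      license_states:
        - detected
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - developer
YAML

# Constructed CycloneDX 1.4 fragment: a custom license (name only), an SPDX
# license (id), and a component with no licenses at all.
SBOM_JSON = <<~JSON
  {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
      { "name": "sidekiq", "version": "4.2.10", "purl": "pkg:gem/sidekiq@4.2.10",
        "licenses": [ { "license": { "name": "Custom-License" } } ] },
      { "name": "rake", "version": "13.0.6", "purl": "pkg:gem/rake@13.0.6",
        "licenses": [ { "license": { "id": "MIT" } } ] },
      { "name": "mystery", "version": "0.1.0", "purl": "pkg:gem/mystery@0.1.0" }
    ]
  }
JSON

# All license names declared on one component. Custom licenses carry only a
# "name"; SPDX licenses usually carry an "id"; an "expression" entry is kept
# verbatim. A component without any licenses is reported as "unknown".
def component_licenses(component)
  entries = component.fetch("licenses", [])
  names = entries.flat_map do |entry|
    if entry.key?("expression")
      [entry["expression"]]
    else
      lic = entry.fetch("license", {})
      [lic["id"], lic["name"]].compact
    end
  end
  names.empty? ? ["unknown"] : names.uniq
end

# Components that make one license_finding rule fire.
# Assumed semantics: inclusion => any listed license matches;
# exclusion (match_on_inclusion_license: false) => any license NOT listed matches.
def matching_components(sbom, rule)
  listed = rule.fetch("license_types", [])
  inclusion = rule.fetch("match_on_inclusion_license", true)
  sbom.fetch("components", []).select do |component|
    licenses = component_licenses(component)
    if inclusion
      licenses.any? { |l| listed.include?(l) }
    else
      licenses.any? { |l| !listed.include?(l) }
    end
  end
end

# Evaluate every license_finding rule of the policy against the SBOM.
# Returns the purls that triggered a rule and the approvals the policy's
# require_approval action demands (0 when nothing matched or policy disabled).
def evaluate_policy(policy_yaml, sbom_json)
  policy = YAML.safe_load(policy_yaml)
  sbom = JSON.parse(sbom_json)
  return { violations: [], approvals_required: 0 } unless policy["enabled"]

  rules = policy.fetch("rules", []).select { |r| r["type"] == "license_finding" }
  violations = rules.flat_map { |r| matching_components(sbom, r) }
                    .map { |c| c["purl"] }.uniq
  approval = policy.fetch("actions", []).find { |a| a["type"] == "require_approval" }
  required = (violations.empty? || approval.nil?) ? 0 : approval.fetch("approvals_required", 0)
  { violations: violations, approvals_required: required }
end

if __FILE__ == $PROGRAM_NAME
  puts evaluate_policy(POLICY_YAML, SBOM_JSON).inspect
end
```

With the sample data only `pkg:gem/sidekiq@4.2.10` matches and one approval is required; flipping the rule to `match_on_inclusion_license: false` with `license_types: [MIT]` turns it into an allow-list, and then both the custom-licensed and the unlicensed component are flagged, which is the behaviour to double-check when a custom license name is introduced into an existing allow-list policy.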
Edited by Marcos Rocha