Add project level support for filtering components by name

What does this MR do and why?

Context

Group-level support was added in previous MRs (see 166493).

This change

As querying at the project level should be less intense than a group hierarchy traversal, I went with a basic join.

I considered creating a new scope (e.g. self.by_project); however, within the vulnerabilities/dependency domain, we typically treat groups and projects as equivalent "vulnerable" objects.

SQL

SELECT
    "sbom_components".*
FROM
    "sbom_components"
    INNER JOIN "sbom_occurrences" ON "sbom_occurrences"."component_id" = "sbom_components"."id"
WHERE
    "sbom_occurrences"."project_id" = 278964
    AND (sbom_components.name ILIKE '%rails%')
ORDER BY
    "sbom_components"."name" ASC
LIMIT 30;

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

example query

query components {
  project(fullPath: "gitlab-org/security-reports") {
    id
    components(name: "rails") {
      id
      name
    }
  }
}

related to: #513317 (closed)
Changelog: added

Edited by Samantha Ming
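
The SQL in the description wraps the `name` argument in a `%...%` ILIKE pattern, where `%` and `_` act as wildcards, so a name containing them matches literally only if they are escaped before the value is bound. The following is an added example, not code from this MR or from GitLab; `escape_like`, `ilike?`, `search`, `COMPONENT_SEARCH_SQL` and the sample component names are hypothetical and constructed for illustration.

```ruby
# Added example, not GitLab code; all names here are hypothetical.

# Make user input match literally: escape LIKE metacharacters with backslash,
# PostgreSQL's default LIKE escape character.
def escape_like(term)
  term.gsub(/[\\%_]/) { |m| "\\#{m}" }
end

# Parameterized form of the MR's query: both values are bound, not interpolated.
COMPONENT_SEARCH_SQL = <<~SQL
  SELECT "sbom_components".*
  FROM "sbom_components"
  INNER JOIN "sbom_occurrences" ON "sbom_occurrences"."component_id" = "sbom_components"."id"
  WHERE "sbom_occurrences"."project_id" = $1 AND sbom_components.name ILIKE $2
  ORDER BY "sbom_components"."name" ASC
  LIMIT 30
SQL

# Small model of ILIKE matching, for the demonstration only:
# % = any run of characters, _ = exactly one, backslash = next char is literal.
def ilike?(value, pattern)
  chars = pattern.chars
  regex = +""
  i = 0
  while i < chars.length
    case chars[i]
    when "\\"
      i += 1
      regex << Regexp.escape(chars[i].to_s)
    when "%" then regex << ".*"
    when "_" then regex << "."
    else regex << Regexp.escape(chars[i])
    end
    i += 1
  end
  Regexp.new("\\A#{regex}\\z", Regexp::IGNORECASE | Regexp::MULTILINE).match?(value)
end

# Constructed sample component names.
NAMES = %w[rails rails-html-sanitizer railties my_gem my-gem activerecord].freeze

# Returns the names a "contains" search would match, with or without escaping.
def search(term, escape: true)
  pattern = "%#{escape ? escape_like(term) : term}%"
  NAMES.select { |name| ilike?(name, pattern) }
end
```

With escaping, `search("%")` matches nothing and `search("my_gem")` matches only `my_gem`; without it, `%` matches every sample name and `_` also matches `my-gem`.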
