Add project level support for filtering components by name
What does this MR do and why?
Context
Group level support was added in previous MRs (see 166493)
This change
As querying at the project level should be less intense than a group hierarchy traversal, I went with a basic join.
I considered creating a new scope (e.g. `self.by_project`); however, within the vulnerabilities/dependency domain, we typically treat groups and projects as equivalent "vulnerable" objects.
SQL
```sql
SELECT
    "sbom_components".*
FROM
    "sbom_components"
    INNER JOIN "sbom_occurrences" ON "sbom_occurrences"."component_id" = "sbom_components"."id"
WHERE
    "sbom_occurrences"."project_id" = 278964
    AND (sbom_components.name ILIKE '%rails%')
ORDER BY
    "sbom_components"."name" ASC
LIMIT 30;
```
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
example query
```graphql
query components {
  project(fullPath: "gitlab-org/security-reports") {
    id
    components(name: "rails") {
      id
      name
    }
  }
}
```
related to: #513317 (closed)
Changelog: added
Edited by Samantha Ming
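The query shape from the SQL section (join on occurrences, project filter, `ILIKE` substring match, order by name, limit 30), modelled in Ruby over constructed rows as an added example; it is not code from this MR. It also shows what `%` and `_` in a caller-supplied `name` do when they reach the pattern unescaped. Whether the MR's own code escapes them is not shown on this page, and all helper names and sample data below are hypothetical.

```ruby
# Constructed rows standing in for sbom_components / sbom_occurrences.
COMPONENTS = [
  { id: 1, name: "rails" },
  { id: 2, name: "Rails-html-sanitizer" },
  { id: 3, name: "rack" },
  { id: 4, name: "jquery_rails" },
  { id: 5, name: "100%_coverage" },
].freeze
OCCURRENCES = [
  { component_id: 1, project_id: 10 }, { component_id: 2, project_id: 10 },
  { component_id: 3, project_id: 10 }, { component_id: 4, project_id: 20 },
  { component_id: 5, project_id: 10 },
].freeze

# Escape LIKE metacharacters so the search term is matched literally
# (the same idea as ActiveRecord's sanitize_sql_like, reimplemented here).
def escape_like(term)
  term.gsub(/[\\%_]/) { |c| "\\" + c }
end

# Translate a LIKE pattern (escape character: backslash) into a
# case-insensitive anchored Regexp, approximating ILIKE.
def ilike_regexp(pattern)
  body = pattern.scan(/\\.|[%_]|[^\\%_]+|\\/m).map do |tok|
    case tok
    when "%" then ".*"   # any run of characters
    when "_" then "."    # exactly one character
    else Regexp.escape(tok.length == 2 && tok.start_with?("\\") ? tok[1] : tok)
    end
  end.join
  Regexp.new("\\A#{body}\\z", Regexp::IGNORECASE | Regexp::MULTILINE)
end

# Project-level filter: inner join, ILIKE '%term%', ORDER BY name, LIMIT.
# Case-folded sort is an assumption; the database collation decides the real order.
def project_components(project_id, name, escape: true, limit: 30)
  term = escape ? escape_like(name) : name
  matcher = ilike_regexp("%#{term}%")
  joined = OCCURRENCES.select { |o| o[:project_id] == project_id }
                      .map { |o| COMPONENTS.find { |c| c[:id] == o[:component_id] } }
  joined.map { |c| c[:name] }.select { |n| n.match?(matcher) }
        .sort_by(&:downcase).first(limit)
end
```

With escaping, a `name` of `%` returns only components that contain a literal percent sign; without it, the same input matches every component in the project.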
