Create and trigger the an event to update the sbom_occurrences_vulnerabilities table based on the CVS (!178456) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Create and trigger the an event to update the sbom_occurrences_vulnerabilities table based on the CVS.

This change is behind the FF update_sbom_occurrences_vulnerabilities_on_cvs and will only be applicable to dependency_scanning findings.

The highest number of findings will be 100.

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

Related issue: Update vulnerable SBOM occurrences after scanni... (#500551 - closed) • Zamir Martins • 17.9 • Needs attention
Follow-up MR: Update sbom_occurrences_vulnerabilities for CVS (!177149 - merged)
Rollout issue: [Feature flag] Rollout of `update_sbom_occurren... (#514223 - closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Enable update_sbom_occurrences_vulnerabilities_on_cvs feature flag.
Create a project with the following files:
- gl-sbom-npm-npm.cdx.json
- .gitlab-ci.yml
After running the pipeline it will call Gitlab::EventStore.publish with Sbom::VulnerabilitiesCreatedEvent.
The input for Sbom::VulnerabilitiesCreatedEvent should include the following:
- package_name: express
- package_version: 4.16.0
- purl_type: npm

Edited Jan 21, 2025 by Zamir Martins

Create and trigger the an event to update the sbom_occurrences_vulnerabilities table based on the CVS

What does this MR do and why?

References

MR acceptance checklist

How to set up and validate locally

Merge request reports