Extend CS SBOM-based licenses to support id

What does this MR do and why?

Extend CS SBOM-based licenses to support id.

This change is required due to a breaking change in Trivy's license data structure.
TL;DR: the default value has been moved from license.name to license.id.

References

Related issue: container scanning sbom-based license ingestion... (#560330 - closed) • Zamir Martins • 18.3

Screenshots or screen recordings

Before: Screenshot_2025-08-07_at_12.19.10
After: Screenshot_2025-08-07_at_12.02.06

How to set up and validate locally

  1. Create a project with the following file, .gitlab-ci.yml:

         include:
           - template: Jobs/Container-Scanning.gitlab-ci.yml

         container_scanning:
           variables:
             CS_IMAGE: alpine:3.15
             CS_INCLUDE_LICENSES: "true"

  2. Run a pipeline on the default branch.
  3. Go to Secure > Dependency List.
  4. Verify the values under the license column.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Zamir Martins
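
The following is an added example, not code from this merge request or from GitLab. It sketches why a reader that only looks at license.name reports no license once the scanner puts the value in license.id. The CycloneDX-style sample, the package names, the helper names and the "id first, then name" order are all assumptions.

```ruby
require "json"

# Constructed CycloneDX fragment (package names are made up). It mixes the
# older name-only shape, the newer id-only shape, both keys, and no licenses.
SAMPLE_SBOM = <<~JSON
  {
    "bomFormat": "CycloneDX",
    "components": [
      { "name": "pkg-a", "licenses": [ { "license": { "name": "MIT" } } ] },
      { "name": "pkg-b", "licenses": [ { "license": { "id": "GPL-2.0-only" } } ] },
      { "name": "pkg-c", "licenses": [ { "license": { "id": "Zlib", "name": "zlib License" } } ] },
      { "name": "pkg-d" }
    ]
  }
JSON

# Returns the value of the first usable key in `keys` for one entry of a
# component's `licenses` array, or nil when the entry carries none of them.
def license_value(entry, keys)
  license = entry.is_a?(Hash) ? entry["license"] : nil
  return nil unless license.is_a?(Hash)

  keys.each do |key|
    value = license[key]
    return value.strip if value.is_a?(String) && !value.strip.empty?
  end
  nil
end

# Maps component name => sorted, de-duplicated license values.
# The default key order (id first, then name) is an assumption of this example.
def licenses_by_component(sbom_json, keys: %w[id name])
  components = JSON.parse(sbom_json).fetch("components", [])
  components.each_with_object({}) do |component, result|
    entries = component["licenses"].is_a?(Array) ? component["licenses"] : []
    result[component["name"]] = entries.filter_map { |e| license_value(e, keys) }.uniq.sort
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "id, then name: #{licenses_by_component(SAMPLE_SBOM)}"
  puts "name only:     #{licenses_by_component(SAMPLE_SBOM, keys: %w[name])}"
end
```

With keys limited to name, pkg-b comes back with an empty license list, which is the gap a license-policy check would silently miss.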
