Show error when CycloneDX report is not a JSON object

What does this MR do and why?

This MR addresses a shortcoming where we silently fail SBOM ingestion when a CycloneDX report is uploaded as an array instead of an object. The Security tab of a pipeline now shows the error, so that users can address it properly.

References

Fixes CycloneDX reports ingested as array instead of ... (#574544 - closed) • Oscar Tovar • 18.5

Screenshots or screen recordings

The Security tab now shows errors when the JSON of the CycloneDX report is an array.

How to set up and validate locally

  1. Create a project that uploads a CycloneDX report.
  2. Add a CycloneDX artifact to upload that contains an array.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
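
The failure mode described above can also be caught before upload. The following is an added example, not code from this MR or from GitLab: a hypothetical helper, `cyclonedx_shape_errors`, that classifies the top-level JSON shape of a report and returns the errors a job could print, using constructed sample inputs.

```ruby
require 'json'

# Hypothetical helper (not GitLab's code): returns a list of error strings,
# empty when the top level of the document is a CycloneDX BOM object.
def cyclonedx_shape_errors(raw)
  begin
    doc = JSON.parse(raw)
  rescue JSON::ParserError => e
    return ["report is not valid JSON: #{e.message}"]
  end

  case doc
  when Hash
    # The CycloneDX JSON format requires bomFormat to be "CycloneDX".
    return [] if doc['bomFormat'] == 'CycloneDX'
    ['top-level object has no bomFormat of "CycloneDX"']
  when Array
    # The case this MR surfaces: BOM objects wrapped in an array.
    boms = doc.count { |item| item.is_a?(Hash) && item['bomFormat'] == 'CycloneDX' }
    hint = boms.zero? ? '' : " (#{boms} BOM object(s) found inside; upload each as its own file)"
    ["report must be a JSON object, got an array#{hint}"]
  else
    ["report must be a JSON object, got #{doc.class}"]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed samples, labelled by the shape they exercise.
  samples = {
    'object' => '{"bomFormat":"CycloneDX","specVersion":"1.5","version":1,"components":[]}',
    'array'  => '[{"bomFormat":"CycloneDX","specVersion":"1.5","version":1,"components":[]}]',
    'broken' => '{"bomFormat":'
  }
  samples.each do |name, raw|
    errors = cyclonedx_shape_errors(raw)
    puts "#{name}: #{errors.empty? ? 'ok' : errors.join('; ')}"
  end
end
```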
