Add Sbom Survey Banner

Jannik Lehmann requested to merge jnnkl-sbom-survey-banner into master

What does this MR do and why?

This MR solves: https://gitlab.com/gitlab-org/gitlab/-/issues/344949

And it's all about this Banner:

[Screenshot: sbomBanner]

It introduces a new vue_shared component survey_banner which is to be configured via props and will render a Banner like in the screenshot above.

Furthermore, this new shared component is used to display the sbom Banner on the dependency list page, license compliance page, and group and project security dashboards.

The Banner has a link, the ability to be dismissed (saved in LocalStorage) and the ability to be reminded in a given number of days.

It's currently behind the sbom_survey feature flag. Rollout issue: #348181 (closed)

There is already another banner currently implemented, which this shared banner is heavily influenced by (ee/app/assets/javascripts/security_dashboard/components/shared/survey_request_banner.vue). The usage of the survey_request_banner needs to be refactored to use the shared component as well. This effort is tracked in this follow-up issue: #348190 (closed)

Note to reviewers: My apologies for this big MR. This couldn't really be avoided in this case. I did my very best to have a clean and reproducible commit history. It is highly recommended to review this commit by commit.

Screenshots or screen recordings

[Screenshots: dependency scanning, license compliance, security dashboard]

How to set up and validate locally

  1. enable the sbom_survey feature flag
  2. rails c
  3. Feature.enable(:sbom_survey)
  4. Watch out while testing: if you dismiss the banner for testing purposes, make sure to clear Local Storage afterwards (key: sbom_survey_request); if not, the banner won't come up on any other page.
  5. check if the banner displays correctly on the dependency list page http://gitlab.localdev:3000/GROUP/PROJECT/-/dependencies
  6. check if the banner displays correctly on the license compliance page http://gitlab.localdev:3000/GROUP/PROJECT/-/licenses
  7. check if the banner displays correctly on the project security dashboard http://gitlab.localdev:3000/GROUP/PROJECT/-/security/dashboard
  8. check if the banner displays correctly on the group security dashboard http://gitlab.localdev:3000/groups/$GROUP/-/security/dashboard

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jannik Lehmann