
Add sbom_sources table and model

Brian Williams requested to merge bwill/add-sbom-sources into master

What does this MR do and why?

This is part of a three-phase implementation for adding new models to support the tracking of Software Bill of Materials (SBoM) components in GitLab. SBoM is used to create an inventory of the software components which make up an application. We will have dependency scanning / container scanning CI jobs produce CycloneDX SBoM reports as job artifacts. These job artifacts will be consumed by Rails, parsed, and then stored inside these tables.

We're using the following initial schema, which was determined from a research spike.

[image: SBOM_DB_phased_implementation]

Migrations

$ scripts/db_tasks db:migrate:down VERSION=20220616182016
main: == 20220616182016 CreateSbomSources: reverting ================================
main: -- drop_table(:sbom_sources, {})
main:    -> 0.0036s
main: == 20220616182016 CreateSbomSources: reverted (0.0076s) =======================
$ scripts/db_tasks db:migrate
main: == 20220616182016 CreateSbomSources: migrating ================================
main: -- create_table(:sbom_sources, {})
main: -- quote_column_name(:fingerprint)
main:    -> 0.0000s
main:    -> 0.0060s
main: == 20220616182016 CreateSbomSources: migrated (0.0066s) =======================

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Brian Williams
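The description above says the CI job artifacts will be parsed by Rails and stored in the new tables, and the migration output shows a fingerprint column on sbom_sources. The following is an added example, not code from this MR or from GitLab, showing the shape of that ingestion step: validate that an artifact really is a CycloneDX document before trusting it, canonicalise the part of it that identifies the report's source, and hash that to a fingerprint that can be used as a deduplication key. Treating the metadata.tools entries as the "source", the choice of SHA-256, the supported spec version list and the three sample reports are assumptions made here for illustration; the MR page does not define the sbom_sources columns.

```ruby
# Added example, not code from this MR or from GitLab. Ingest a CycloneDX JSON
# report of the kind a dependency-scanning job would emit as an artifact and
# derive a content fingerprint for the report's source so that re-running the
# same job does not create duplicate sbom_sources rows. What counts as the
# "source", the SHA-256 choice and the canonicalisation are assumptions.
require 'json'
require 'digest'

module SbomIngest
  class InvalidReport < StandardError; end

  # Spec versions we are willing to ingest (assumption).
  SUPPORTED_SPEC_VERSIONS = %w[1.4].freeze

  # Constructed sample artifacts. REPORT_B describes the same source as
  # REPORT_A but with different key order and whitespace, as another
  # serialiser might emit it; REPORT_C comes from a newer analyzer version.
  REPORT_A = <<~JSON.freeze
    {"bomFormat":"CycloneDX","specVersion":"1.4","version":1,
     "metadata":{"tools":[{"vendor":"GitLab","name":"gemnasium","version":"3.0.0"}]},
     "components":[{"type":"library","name":"rails","version":"7.0.3","purl":"pkg:gem/rails@7.0.3"}]}
  JSON
  REPORT_B = <<~JSON.freeze
    {
      "components": [ { "purl": "pkg:gem/rails@7.0.3", "version": "7.0.3", "name": "rails", "type": "library" } ],
      "metadata": { "tools": [ { "version": "3.0.0", "name": "gemnasium", "vendor": "GitLab" } ] },
      "specVersion": "1.4", "bomFormat": "CycloneDX", "version": 1
    }
  JSON
  REPORT_C = REPORT_A.sub('"version":"3.0.0"', '"version":"3.1.0"').freeze

  # Parse an artifact and reject anything that does not claim to be a CycloneDX
  # document of a supported version. Artifacts are produced by CI jobs, so the
  # parser must not trust their shape (or nesting depth) blindly.
  def self.parse(raw)
    doc = JSON.parse(raw, max_nesting: 20)
    raise InvalidReport, 'top-level value is not an object' unless doc.is_a?(Hash)
    raise InvalidReport, "unsupported bomFormat #{doc['bomFormat'].inspect}" unless doc['bomFormat'] == 'CycloneDX'
    unless SUPPORTED_SPEC_VERSIONS.include?(doc['specVersion'])
      raise InvalidReport, "unsupported specVersion #{doc['specVersion'].inspect}"
    end
    doc
  rescue JSON::ParserError => e
    raise InvalidReport, "malformed JSON: #{e.message}"
  end

  # Sort hash keys recursively so that semantically equal sources serialise,
  # and therefore hash, identically whatever key order the producer used.
  def self.canonical(value)
    case value
    when Hash  then value.keys.sort.each_with_object({}) { |k, h| h[k] = canonical(value[k]) }
    when Array then value.map { |v| canonical(v) }
    else value
    end
  end

  # The source of a report, taken here to be the tools listed in metadata
  # (assumption; this page does not define the sbom_sources columns).
  def self.source_of(doc)
    tools = doc.dig('metadata', 'tools') || []
    raise InvalidReport, 'metadata.tools must be an array of objects' unless tools.is_a?(Array) && tools.all?(Hash)
    tools.map { |t| t.slice('vendor', 'name', 'version') }
  end

  # Dedup key: SHA-256 over the canonical JSON of the source.
  def self.fingerprint(source)
    Digest::SHA256.hexdigest(JSON.generate(canonical(source)))
  end

  def self.components(doc)
    Array(doc['components']).map { |c| c.slice('name', 'version', 'purl') }
  end

  # Stand-in for an insert-or-find against a unique index on fingerprint:
  # returns the existing row when the same source has been seen before.
  def self.upsert_source(store, doc)
    source = source_of(doc)
    key = fingerprint(source)
    store[key] ||= { fingerprint: key, source: canonical(source) }
  end
end

if $PROGRAM_NAME == __FILE__
  store = {}
  [SbomIngest::REPORT_A, SbomIngest::REPORT_B, SbomIngest::REPORT_C].each do |raw|
    row = SbomIngest.upsert_source(store, SbomIngest.parse(raw))
    puts "#{row[:fingerprint][0, 12]}  #{row[:source].inspect}"
  end
  puts "distinct sources: #{store.size}"
end
```

Running the file ingests the three constructed reports and ends up with two distinct sources: the first two reports fingerprint identically despite their different key order and whitespace, while the report from the newer analyzer version gets its own row. The canonicalisation step is what makes a fingerprint column usable as a unique key; hashing the raw artifact bytes instead would let every serialiser quirk create a fresh row.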
