Add functionality for retrieving sbom reports from pipeline
What does this MR do and why?
This MR adds a method to the pipeline model for retrieving sbom reports for that pipeline. This will facilitate sbom ingestion: #365661 (closed).
Note:
- `gl-sbom.cdx.zip` got updated to hold multiple reports to better test multi-report artifacts
- `::Gitlab::Ci::Parsers::Sbom::Cyclonedx` was updated to abide by the fabricator pattern in https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/parsers.rb#L20
- other reports are gated around the presence of a license feature (e.g. dependency scanning, requirements reports); `sbom_reports` is currently not, as it's a cross-licensed feature (Dependency Scanning and Container Scanning at the moment)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #369475 (closed)
Edited by Igor Frenkel