Add functionality for retrieving sbom reports from pipeline (!94126) · Merge requests · GitLab.org / GitLab

Igor Frenkel requested to merge 369475-retrieve-sbom-reports-for-pipeline into master Aug 03, 2022

What does this MR do and why?

This MR adds a method to the pipeline model for retrieving sbom reports for that pipeline. This will facilitate sbom ingestion: #365661 (closed).

Note:

gl-sbom.cdx.zip got updated to hold multiple reports to better test multi-report artifacts
::Gitlab::Ci::Parsers::Sbom::Cyclonedx was updated to abide by the fabricator pattern in https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/parsers.rb#L20
other reports are gated around the presence of a license feature (e.g. dependency scanning, requirements reports ) - sbom_reports is currently not as it's a cross-licensed feature (Dependency Scanning and Container Scanning at the moment

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #369475 (closed)

Edited Aug 04, 2022 by Igor Frenkel

Add functionality for retrieving sbom reports from pipeline

What does this MR do and why?

MR acceptance checklist

Merge request reports