
License Compliance view - backend

Backend issue for https://gitlab.com/gitlab-org/gitlab-ee/issues/13582

  1. Permissions for the page !17481 (merged)
  2. Parse License scanning report and merge Dependency scanning info. !18281 (merged)
  3. Present information in the eligible format. !17851 (merged)
  4. Create an endpoint that responds with the needed data. !17889 (merged) and !17755 (merged)
  5. Usage ping !17925 (merged)

Endpoint response

GET /projects/:id/security/licenses.json

{
  "licenses": [
    {
      "name": "MIT",
      "url": "https://mit.org/idontknowwhatido",
      "components": [
        {
          "name": "acme-client",
          "blob_path": "https://staging.gitlab.com/secure-team-test/dependency-list-test/blob/e9a4f09eb631acc39ff1122261e16b81b92bf33c/yarn.lock"
        }
        ...
      ]
    }
    ...
  ],
  "report": {
    "status": "some_status",
    "job_path": "some path to ci build",
    "generated_at": "2019-08-16T16:16:52.273Z"
  }
}

Notes

  • report.generated_at - timestamp in UTC
  • report.status - the status we need in case we want to display an error, such as the job not being set up.
  • The endpoint will support standard GitLab pagination

Possible statuses

I'm using the same statuses as for the dependency list. We can elaborate on them.

| Status | Meaning |
|--------|---------|
| "ok" | Everything is OK and we have a list of licenses |
| "job_not_set_up" | License scanning job hasn't run in this project, ask user to set up this job |
| "job_failed" | License scanning failed, no licences to show. Show user warning |
Edited by Tetiana Chupryna
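
An added example, not part of the original issue or GitLab's code: a consumer of the response shape described above that refuses to report license data unless report.status is "ok", then inverts the list into a component-to-licenses map. The sample payload, its URLs and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Statuses listed under "Possible statuses" in this issue.
KNOWN_STATUSES = {"ok", "job_not_set_up", "job_failed"}

# Constructed sample payload in the documented shape (not real project data).
SAMPLE = json.loads("""
{
  "licenses": [
    {"name": "MIT", "url": "https://example.com/mit",
     "components": [
       {"name": "acme-client", "blob_path": "https://example.com/blob/yarn.lock"},
       {"name": "left-pad", "blob_path": "https://example.com/blob/yarn.lock"}]},
    {"name": "Apache-2.0", "url": "https://example.com/apache",
     "components": [
       {"name": "acme-client", "blob_path": "https://example.com/blob/yarn.lock"}]}
  ],
  "report": {"status": "ok", "job_path": "/constructed/job/1",
             "generated_at": "2019-08-16T16:16:52.273Z"}
}
""")


def parse_generated_at(value):
    """Parse report.generated_at; 'Z' is rewritten for older fromisoformat()."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed.astimezone(timezone.utc)


def licenses_by_component(payload):
    """Return {component name: sorted license names}; fail closed on status."""
    report = payload.get("report") or {}
    status = report.get("status")
    if status not in KNOWN_STATUSES:
        raise ValueError(f"unexpected report status: {status!r}")
    if status != "ok":
        # job_not_set_up / job_failed: an empty list must not read as "clean".
        raise RuntimeError(f"no license data available: {status}")
    index = {}
    for lic in payload.get("licenses", []):
        for comp in lic.get("components", []):
            index.setdefault(comp["name"], set()).add(lic["name"])
    return {name: sorted(names) for name, names in index.items()}
```

Raising on any status other than "ok" keeps a failed or missing scan from being mistaken for a project with no licenses to review.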