Add o11y events for Gemnasium

What does this MR do?

Related MR for introducing events in GitLab: Add events for Gemnasium in GitLab (gitlab-org/gitlab!202596 - merged)

Observability events for the MVC in Gemnasium contain the following events:

Gemnasium

{
  "scan": {
    "observability": {
      "events": [
        ////////////////////////////////////////////////////////////////////
        // Scanner Basic Metrics
        ////////////////////////////////////////////////////////////////////
        {
          "event": "collect_gemnasium_scan_metrics_from_pipeline",
          "property": "scan_uuid", // join
          "label": "6.1.10",       // filter: version
          "value": 100             // fast: number of vulnerabilities
        },
        ////////////////////////////////////////////////////////////////////
        // Performance Metrics
        ////////////////////////////////////////////////////////////////////
        {
          "event": "collect_gemnasium_scan_performance_metrics_from_pipeline",
          "property": "scan_uuid", // join
          "value": 23              // fast: execution time in seconds
        },
        ////////////////////////////////////////////////////////////////////
        // SBOM related Metrics: one event per SBOM
        ////////////////////////////////////////////////////////////////////
        {
          "event": "collect_gemnasium_scan_sbom_metrics_from_pipeline",
          "property": "scan_uuid",        // join
          "label": "npm",                 // fast: purl type
          "value": 50,                    // fast: components count
          "input_file_path": "yarn.lock"  // slow: will be stored in jsonb
        }
      ]
    }
  }
}

Gemnasium-maven

{
  "scan": {
    "observability": {
      "events": [
        ////////////////////////////////////////////////////////////////////
        // Scanner Basic Metrics
        ////////////////////////////////////////////////////////////////////
        {
          "event": "collect_gemnasium_maven_scan_metrics_from_pipeline",
          "property": "scan_uuid", // join
          "label": "6.1.10",       // filter: version
          "value": 100             // fast: number of vulnerabilities
        },
        ////////////////////////////////////////////////////////////////////
        // Performance Metrics
        ////////////////////////////////////////////////////////////////////
        {
          "event": "collect_gemnasium_maven_scan_performance_metrics_from_pipeline",
          "property": "scan_uuid", // join
          "value": 23              // fast: execution time in seconds
        },
        ////////////////////////////////////////////////////////////////////
        // SBOM related Metrics: one event per SBOM
        ////////////////////////////////////////////////////////////////////
        {
          "event": "collect_gemnasium_maven_scan_sbom_metrics_from_pipeline",
          "property": "scan_uuid",      // join
          "label": "maven",             // fast: purl type
          "value": 50,                  // fast: components count
          "input_file_path": "pom.xml"  // slow: will be stored in jsonb
        }
      ]
    }
  }
}

Gemnasium-python

{
  "scan": {
    "observability": {
      "events": [
        ////////////////////////////////////////////////////////////////////
        // Scanner Basic Metrics
        ////////////////////////////////////////////////////////////////////
        {
          "event": "collect_gemnasium_python_scan_metrics_from_pipeline",
          "property": "scan_uuid", // join
          "label": "6.1.10",       // filter: version
          "value": 100             // fast: number of vulnerabilities
        },
        ////////////////////////////////////////////////////////////////////
        // Performance Metrics
        ////////////////////////////////////////////////////////////////////
        {
          "event": "collect_gemnasium_python_scan_performance_metrics_from_pipeline",
          "property": "scan_uuid", // join
          "value": 23              // fast: execution time in seconds
        },
        ////////////////////////////////////////////////////////////////////
        // SBOM related Metrics: one event per SBOM
        ////////////////////////////////////////////////////////////////////
        {
          "event": "collect_gemnasium_python_scan_sbom_metrics_from_pipeline",
          "property": "scan_uuid",               // join
          "label": "pypi",                       // fast: purl type
          "value": 50,                           // fast: components count
          "input_file_path": "requirements.txt"  // slow: will be stored in jsonb
        }
      ]
    }
  }
}

In this MR we add the observability object to the security report so that we generate o11y events every time Gemnasium succeeds.
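As an added illustration (not code from this MR or the gemnasium project), the following Go sketch builds the `scan.observability` object shown above from one scan's results, emitting one SBOM event per generated SBOM. The type and function names, and the analyzer slug used as the event-name prefix, are assumptions.

```go
package main

import "encoding/json"

// Event mirrors one entry of scan.observability.events: "property" is the
// scan_uuid join key, "label" and "value" are the fast (filterable) fields,
// and "input_file_path" is the slow field that ends up in jsonb.
type Event struct {
	Event         string `json:"event"`
	Property      string `json:"property"`
	Label         string `json:"label,omitempty"`
	Value         int    `json:"value"`
	InputFilePath string `json:"input_file_path,omitempty"`
}

// SBOMMetric describes one generated SBOM (constructed input for the example).
type SBOMMetric struct {
	PurlType      string
	Components    int
	InputFilePath string
}

// BuildEvents assembles the three event kinds for one scanner run. The
// analyzer slug ("gemnasium", "gemnasium_maven", "gemnasium_python") is an
// assumed parameter that forms the event-name prefix.
func BuildEvents(analyzer, version string, vulns, seconds int, sboms []SBOMMetric) []Event {
	prefix := "collect_" + analyzer + "_scan"
	events := []Event{
		{Event: prefix + "_metrics_from_pipeline", Property: "scan_uuid", Label: version, Value: vulns},
		{Event: prefix + "_performance_metrics_from_pipeline", Property: "scan_uuid", Value: seconds},
	}
	for _, s := range sboms { // one SBOM event per SBOM
		events = append(events, Event{
			Event: prefix + "_sbom_metrics_from_pipeline", Property: "scan_uuid",
			Label: s.PurlType, Value: s.Components, InputFilePath: s.InputFilePath,
		})
	}
	return events
}

// ReportJSON wraps the events in the scan.observability envelope used by the
// security report.
func ReportJSON(events []Event) ([]byte, error) {
	report := map[string]any{
		"scan": map[string]any{"observability": map[string]any{"events": events}},
	}
	return json.MarshalIndent(report, "", "  ")
}
```

Calling `BuildEvents("gemnasium", "6.1.10", 100, 23, []SBOMMetric{{"npm", 50, "yarn.lock"}})` followed by `ReportJSON` yields the first JSON block above.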

What are the relevant issue numbers?

Add metrics for Gemnasium (gitlab-org/gitlab#570521 - closed)

Does this MR meet the acceptance criteria?

Edited by Nick Ilieskou
