Exclude dependencies with no version
What does this MR do?
This MR fixes the schema validation errors described in Dependency scan report validation error when us... (gitlab-org/gitlab#393849 - closed). All dependencies that do not have a version number are removed from the DS report and the SBOMs.
More info
NPM will include two packages in its lockfile when it installs a local
folder as a package. One will contain the version and the other will not.
To remove confusion, gemnasium will not include the one without a version.
Also, the name of the package is resolved by truncating any leading
relative path components, e.g. ./packageA => packageA and ../packageB/ => packageB.
What are the relevant issue numbers?
Relates to gitlab-org/gitlab#393849 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Oscar Tovar
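The filtering and name resolution described under "More info", as an added example that is not gemnasium's code or part of this MR. It assumes the local folder shows up in the lockfile's "packages" map as one path-keyed entry with a version and one node_modules link entry without; `sampleLock`, `resolveName` and `versionedDeps` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample shaped like an npm lockfile "packages" map (assumption).
const sampleLock = `{"packages": {
  "": {"name": "app", "version": "1.0.0"},
  "./packageA": {"version": "0.3.0"},
  "node_modules/packageA": {"resolved": "packageA", "link": true},
  "../packageB/": {"version": "2.1.0"},
  "node_modules/packageB": {"resolved": "../packageB", "link": true},
  "node_modules/lodash": {"version": "4.17.21"}
}}`

// resolveName (hypothetical helper) drops a node_modules/ prefix, a trailing
// slash, and any leading ./ or ../ components: "../packageB/" => "packageB".
func resolveName(key string) string {
	if i := strings.LastIndex(key, "node_modules/"); i >= 0 {
		key = key[i+len("node_modules/"):]
	}
	key = strings.TrimSuffix(key, "/")
	for strings.HasPrefix(key, "./") || strings.HasPrefix(key, "../") {
		key = key[strings.Index(key, "/")+1:]
	}
	return key
}

// versionedDeps (hypothetical) maps name => version; unversioned entries are skipped.
func versionedDeps(lock string) (map[string]string, error) {
	var doc struct {
		Packages map[string]struct{ Version string } `json:"packages"`
	}
	if err := json.Unmarshal([]byte(lock), &doc); err != nil {
		return nil, err
	}
	deps := map[string]string{}
	for key, p := range doc.Packages {
		if name := resolveName(key); name != "" && p.Version != "" {
			deps[name] = p.Version
		}
	}
	return deps, nil
}

func main() { fmt.Println(versionedDeps(sampleLock)) }
```

Each local package appears once in the result, under its resolved name and with a version, so no entry with an empty version is left for the report or SBOM to carry.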