Introduce the sbt bom parser
What does this MR do?
The goal is to use sbt makeSbom instead of sbt dependencyDot for sbt projects with versions >= 1.1. For that purpose we add a new parser that can parse the generated report of the sbt makeSbom command. The generated report is in XML format and an example can be seen in the fixtures added.
MR Stack
- Move SBT parser into dot directory (!555 - merged)
- Install sbt-bom plugin in docker images (!554 - closed)
- Introduce the sbt bom parser (!556 - merged) 👈
- Call sbt makeBom in case the plugin is compatible (!557 - closed)
What are the relevant issue numbers?
Gemnasium fails when running sbt dependencyDot:... (gitlab-org/gitlab#390287 - closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Oscar Tovar
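
An added illustration, not code from this MR or from the project: a small Go parser for an XML BOM of the kind the description refers to. It assumes the report is CycloneDX XML; `Component`, `ParseBOM` and the sample document are hypothetical and constructed here.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Constructed sample (not a fixture from the MR); assumes CycloneDX XML output.
const sampleBOM = `<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <components>
    <component type="library"><group>org.typelevel</group><name>cats-core_2.13</name><version>2.9.0</version></component>
    <component type="application"><name>build-tool</name><version>1.0</version></component>
  </components>
</bom>`

// Component is a hypothetical type holding the fields a dependency scanner needs.
type Component struct {
	Type    string `xml:"type,attr"`
	Group   string `xml:"group"`
	Name    string `xml:"name"`
	Version string `xml:"version"`
}

// ParseBOM returns the library components of a BOM. A library without a name
// or version is an error: dropping it silently would hide it from scanning.
func ParseBOM(data []byte) ([]Component, error) {
	var b struct {
		Components []Component `xml:"components>component"`
	}
	if err := xml.Unmarshal(data, &b); err != nil {
		return nil, fmt.Errorf("decoding bom: %w", err)
	}
	var libs []Component
	for i, c := range b.Components {
		if c.Type != "library" {
			continue // other component types are not treated as dependencies here
		}
		if c.Name == "" || c.Version == "" {
			return nil, fmt.Errorf("component %d: missing name or version", i)
		}
		libs = append(libs, c)
	}
	return libs, nil
}

func main() {
	libs, err := ParseBOM([]byte(sampleBOM))
	fmt.Println(libs, err)
}
```

The struct tags carry no namespace, so `encoding/xml` matches the elements whichever CycloneDX schema version the `xmlns` declares.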