Skip to content

Add test for CycloneDX artifacts

Adam Cohen requested to merge add-test-for-cyclonedx-artifacts into master

What does this MR do?

This MR adds a test to ensure that CycloneDX artifacts are saved

Testing

Tested successfully against gemnasium, js-npm and the Dependency-Scanning.gitlab-ci.yml template in this pipeline, with the following successful downstream pipeline.

Also tested against a minimal gemnasium project and a copy of the downstream js-npm with the Dependency-Scanning.gitlab-ci.yml template and .qa-dependency_scanning contents combined into a single .gitlab-ci.yml with the following results:

  1. When EXPECTED_CYCLONEDX_ARTIFACTS is not set, test passes.
  2. When EXPECTED_CYCLONEDX_ARTIFACTS is set and the artifact file is saved, test passes
  3. When EXPECTED_CYCLONEDX_ARTIFACTS is set and cyclonedx artifacts are not saved, test fails.

What are the relevant issue numbers?

gitlab-org/gitlab#354863 (closed)

Does this MR meet the acceptance criteria?

Edited by Adam Cohen

Merge request reports