Add test for CycloneDX artifacts (!282) · Merge requests · GitLab.org / security-products / ci-templates

Adam Cohen requested to merge add-test-for-cyclonedx-artifacts into master Mar 08, 2022

What does this MR do?

This MR adds a test to ensure that CycloneDX artifacts are saved

Testing

Tested successfully against gemnasium, js-npm and the Dependency-Scanning.gitlab-ci.yml template in this pipeline, with the following successful downstream pipeline.

Also tested against a minimal gemnasium project and a copy of the downstream js-npm with the Dependency-Scanning.gitlab-ci.yml template and .qa-dependency_scanning contents combined into a single .gitlab-ci.yml with the following results:

When EXPECTED_CYCLONEDX_ARTIFACTS is not set, test passes.
When EXPECTED_CYCLONEDX_ARTIFACTS is set and the artifact file is saved, test passes
When EXPECTED_CYCLONEDX_ARTIFACTS is set and cyclonedx artifacts are not saved, test fails.

What are the relevant issue numbers?

gitlab-org/gitlab#354863 (closed)

Does this MR meet the acceptance criteria?

Tests added for this feature/bug

Edited Mar 14, 2022 by Adam Cohen

Add test for CycloneDX artifacts

What does this MR do?

Testing

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Merge request reports