Improve CycloneDX SBOM test output

Adam Cohen requested to merge 354863-improve-cyclonedx-artifact-test-output into master

What does this MR do?

This MR improves the output of the CycloneDX SBOM presence test in the qa-dependency-scanning job to allow us to confirm that the EXPECTED_CYCLONEDX_ARTIFACTS was actually configured with a path value.

The output now shows the following additional information:

Checking presence of CycloneDX SBOM file with path: 'cyclonedx-pypi-pipenv.json'.
CycloneDX SBOM file with path: 'cyclonedx-pypi-pipenv.json' was found as expected.

Without this additional text, we only see the following in the test output:

$ for cyclonedx_sbom_path in ${EXPECTED_CYCLONEDX_ARTIFACTS//,/ } # collapsed multi-line command

This doesn't allow us to confirm that we actually configured the EXPECTED_CYCLONEDX_ARTIFACTS value.

What are the relevant issue numbers?

Add job integration test to ensure that Cyclone... (gitlab-org/gitlab#354863 - closed)

Testing

Tested here:

$ for cyclonedx_sbom_path in ${EXPECTED_CYCLONEDX_ARTIFACTS//,/ } # collapsed multi-line command
Checking presence of CycloneDX SBOM file with path: 'cyclonedx-pypi-pipenv.json'.
CycloneDX SBOM file with path: 'cyclonedx-pypi-pipenv.json' was found as expected.

Does this MR meet the acceptance criteria?

Edited by Adam Cohen
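A presence check of the kind described above, as an added example that is not the project's actual job script: it prints the two messages quoted in the description and, in addition, fails when the list is empty so that an unconfigured EXPECTED_CYCLONEDX_ARTIFACTS cannot pass silently. The function name, the optional directory argument, the exit codes and the "not found" and "empty" messages are assumptions made for this example.

```shell
#!/bin/sh
# check_cyclonedx_artifacts LIST [DIR]   (hypothetical helper, not from the MR)
#   LIST: comma-separated SBOM paths, same format as EXPECTED_CYCLONEDX_ARTIFACTS
#   DIR:  directory the paths are relative to (default: current directory)
# Exit status: 0 = every path present, 1 = at least one missing,
#              2 = LIST empty, so nothing was actually verified.
# The body runs in a subshell so the IFS and globbing changes do not leak.
check_cyclonedx_artifacts() (
  list=$1
  dir=${2:-.}
  status=0
  checked=0

  IFS=','   # split on commas only
  set -f    # do not glob-expand the path entries
  for sbom_path in $list; do
    [ -n "$sbom_path" ] || continue   # skip empty entries such as "a,,b"
    checked=$((checked + 1))
    printf "Checking presence of CycloneDX SBOM file with path: '%s'.\n" "$sbom_path"
    if [ -f "$dir/$sbom_path" ]; then
      printf "CycloneDX SBOM file with path: '%s' was found as expected.\n" "$sbom_path"
    else
      # Constructed message: the MR text only shows the success case.
      printf "CycloneDX SBOM file with path: '%s' was not found.\n" "$sbom_path" >&2
      status=1
    fi
  done

  if [ "$checked" -eq 0 ]; then
    # Constructed message: an empty list means the test verified nothing.
    echo "EXPECTED_CYCLONEDX_ARTIFACTS is empty; no SBOM paths were checked." >&2
    exit 2
  fi
  exit "$status"
)

# Typical call in a job script:
#   check_cyclonedx_artifacts "$EXPECTED_CYCLONEDX_ARTIFACTS"
```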