`container-image:` is shown on the Dependency List
Summary
For all dependencies found by the Container Scanning analyzer, the prefix `container-image:` is shown in the Location column.
Steps to reproduce
Example Project
What is the current bug behavior?
For all dependencies found by the Container Scanning analyzer, the prefix `container-image:` is shown in the Location column.
What is the expected correct behavior?
The `container-image:` prefix should not be displayed in the UI. The user should see the path to the container image with no prefix.
Possible fixes
- frontend/backend: implement the below patch and add tests
```diff
diff --git a/ee/app/assets/javascripts/dependencies/components/dependency_location.vue b/ee/app/assets/javascripts/dependencies/components/dependency_location.vue
index 31d99a85a43..406a6b6533f 100644
--- a/ee/app/assets/javascripts/dependencies/components/dependency_location.vue
+++ b/ee/app/assets/javascripts/dependencies/components/dependency_location.vue
@@ -32,7 +32,7 @@ export default {
return this.ancestors.length > 0;
},
isContainerImageDependency() {
- return this.location.path.includes('container-image:');
+ return this.location.blob_path.includes('container-image:');
},
isTopLevelDependency() {
return this.location.top_level;
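Review bot: in `isContainerImageDependency()`, `blob_path.includes('container-image:')` infers the dependency type from a substring of the link URL, so it matches anywhere in the string and any location whose blob path happens to contain that text is treated as a container image. It also ties the check to the formatter continuing to pass the unstripped `file_path` to `blob_path(...)`. Consider having the formatter return an explicit boolean in the location hash and reading that here, and add a component spec for both cases.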
@@ -64,6 +64,7 @@ export default {
:href="location.blob_path"
>
<gl-icon v-if="!isContainerImageDependency" name="doc-text" />
+ <gl-icon v-if="isContainerImageDependency" name="container-image" />
<gl-truncate
class="gl-lg-max-w-80p gl-display-none gl-lg-display-inline-flex"
:text="location.path"
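Review bot: the two `gl-icon` elements use `v-if="!isContainerImageDependency"` followed by `v-if="isContainerImageDependency"`; make the second one `v-else` so the pair cannot drift apart and the condition is evaluated once. Also check that `:href="location.blob_path"` at the top of this hunk is still a sensible link target for container image rows, since `blob_path` keeps the `container-image:` prefix that is now hidden from the displayed text.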
diff --git a/ee/lib/gitlab/ci/parsers/security/formatters/dependency_list.rb b/ee/lib/gitlab/ci/parsers/security/formatters/dependency_list.rb
index a6910fcf0b3..2d526e9e25d 100644
--- a/ee/lib/gitlab/ci/parsers/security/formatters/dependency_list.rb
+++ b/ee/lib/gitlab/ci/parsers/security/formatters/dependency_list.rb
@@ -68,7 +68,7 @@ def packager(package_manager)
def formatted_location(dependency, file_path)
base_location = {
blob_path: blob_path(file_path),
- path: file_path
+ path: file_path.delete_prefix('container-image:')
}
return base_location unless dependency['iid']
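Review bot: in `formatted_location`, `path` is stripped but `blob_path(file_path)` on the line above still receives the prefixed value, and the frontend hunk depends on that asymmetry without anything here saying so. Add a comment that this is intentional, move the `'container-image:'` literal (now duplicated in Ruby and in `dependency_location.vue`) into a named constant, and cover prefixed and unprefixed `file_path` in the formatter spec.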
```
Edited by Alan (Maciej) Paruszewski