Use License Scanning Service in Pipeline page
Why are we doing this work
The backend needs to be changed so that the Licenses
tab of the Pipeline page uses the License Scanning Service.
Further details
The Licenses tab of the Pipeline page is handled by PipelinesController#licenses
, which uses Pipeline#expose_license_scanning_data?
, and SCA::LicenseCompliance
.
Proposal
Same as #378085 (closed): Pipeline#license_scanning_report
gets a Ci::Reports::LicenseScanning::Report
from the LicenseScanningService
.
Also, make Pipeline#expose_license_scanning_data?
delegate to LicenseScanningService
. This could either be a method or a class method – TBD.
Relevant links
The technical evaluation issue doesn't cover this specifically, but it might contain useful information: Spike: Where are License Scanning reports used ... (#377688 - closed)
Non-functional requirements
-
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
-
Update the pipelines controller so that it uses the license scanning scanner class. -
Remove the deprecated expose_license_scanning_data
method now that it is no longer used. -
Remove the ee/lib/gitlab/license_scanning/report.rb
file (and associated spec) now that the contained class is no longer used.
Verification steps
- Set up a project with license scanning e.g. ruby project with dependencies in a
Gemfile.lock
- Run the license scanning job and open the pipeline page
- Verify that the licenses tab displays the expected licenses for the declared dependencies
Edited by Oscar Tovar