Add SBOM component fetchers
Why are we doing this work
To perform License Scanning as described in &9400 (closed), we need to list the SBOM components of a project branch or CI pipeline (before searching for their licenses).
Implementation Plan
- Add classes for fetching SBOM components:
  - Add a Gitlab::LicenseScanning::PipelineComponents class which takes a pipeline as input.
  - Add a Gitlab::LicenseScanning::BranchComponents which takes a project and branch_ref as input.

  These classes fetch and parse the SBOM artifact from the pipeline, and return an array of Hashie::Mash objects which contain the following fields:
  - name
  - version
  - purl_type
- Add tests for the new classes.
Edited by Adam Cohen
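
A sketch of the parsing step described in the plan, added here as an illustration and not GitLab's own code. It assumes the SBOM artifact is CycloneDX JSON, uses a Struct in place of Hashie::Mash to stay standard-library only, and the names `Component`, `purl_type_of` and `parse_sbom_components` are hypothetical.

```ruby
require "json"

# Stand-in for the Hashie::Mash objects named in the plan (Hashie is a gem;
# a Struct keeps this example standard-library only).
Component = Struct.new(:name, :version, :purl_type, keyword_init: true)

# Extract the type from a package URL of the form
# pkg:<type>/<namespace>/<name>@<version>. Returns nil if it is not a purl.
def purl_type_of(purl)
  match = /\Apkg:([A-Za-z][A-Za-z0-9.+-]*)\//.match(purl.to_s)
  match && match[1].downcase
end

# Hypothetical helper: parse a CycloneDX JSON document (assumed format) into
# components. The artifact is pipeline output, so it is treated as untrusted:
# wrong shapes are skipped and corrupt JSON yields an empty list.
def parse_sbom_components(json_text)
  doc = JSON.parse(json_text)
  return [] unless doc.is_a?(Hash) && doc["bomFormat"] == "CycloneDX"

  Array(doc["components"]).filter_map do |c|
    next unless c.is_a?(Hash)
    type = purl_type_of(c["purl"])
    # Without a package type or name there is nothing to look up a license for.
    next if type.nil? || c["name"].to_s.empty?
    Component.new(name: c["name"], version: c["version"], purl_type: type)
  end
rescue JSON::ParserError
  []
end

# Constructed sample artifact (not taken from a real pipeline).
SAMPLE_SBOM = <<~JSON
  {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
      {"name": "rails", "version": "7.0.4", "purl": "pkg:gem/rails@7.0.4"},
      {"name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
      {"name": "internal-tool", "version": "1.0.0"}
    ]
  }
JSON
```

The entry without a purl is dropped rather than returned with an empty purl_type, so a later license lookup never receives a component it cannot resolve.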