Skip to content

Use License Scanning Artifact Scanner class in License Compliance page

What does this MR do and why?

Describe in detail what your merge request does and why.

This MR decouples the LicensesController class from license scanning reports. It removes the direct dependency it had on finding the latest pipeline with reports and instead uses the new ::Gitlab::LicenseScanning scannner class to fetch the latest valid pipeline. This also required some changes to the SCA::LicenseCompliance class so that it no longer grabbed the report from the pipeline and instead grabbed the report from the initialized scanner.

method description
#has_data? Evaluates if the scanner had license scanning data. In terms of the artifact scanner, it will evaluate to true if there was a job that returns a license_scanning report. For the SBoM scanner, this may materialize as having SBoM generator jobs.
#data_available? Evaluates if the scanner has completed "scanning". In terms of artifact scanning, this is determined if the pipeline with the license scanning report has a status of success.

As an added benefit, the #has_license_scanning_reports method was no longer used and as a resulted removed as well!

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #378085 (closed)

Edited by Oscar Tovar

Merge request reports

Loading