Add merge SBOM service
What does this MR do and why?
As a part of #333463 (closed) we are introducing the feature to export a consolidated SBOM report in CycloneDX format generated by a pipeline. This is MR-2 as per the implementation plan here.
This MR adds a MergeSbomService which merges all the SBOM reports passed to it.
This also adds a JsonService which will be used for converting report object to JSON output.
Here is the first MR of the issue.
Steps to Test:
Use the following code in rails console:
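# Project with SBOM reports and license data. You can use this project: https://gitlab.com/atiwari71/dependency-list-test
project = Project.find_by_full_path('atiwari71/dependency-list-test') # adjust the path to where the project lives on your instance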
pipeline = project.ci_pipelines.last
reports = pipeline.sbom_reports.reports
# Generate merged SBOM report
merged_report = Sbom::MergeReportsService.new(reports, project).execute
# Generate json output
s = Sbom::ExportSerializers::JsonService.new(merged_report).execute
s.as_json
s.to_json
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Follow-up issue
Issue
Edited by Aditya Tiwari
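
The merge step described in this MR, as an added stand-alone sketch that is not the MR's code and not GitLab's implementation: it consolidates parsed CycloneDX documents and keeps license data when the same component appears in more than one report. The names `component_key` and `merge_cyclonedx`, the de-duplication rule (purl, else type/name/version) and the sample reports are assumptions made for this example.

```ruby
require 'json'

# Identity for de-duplication: purl when present, else type/name/version.
# (Assumed rule for this sketch; the MR does not state its own.)
def component_key(c)
  c['purl'] || [c['type'], c['name'], c['version']].join('|')
end

# Merge parsed CycloneDX documents (hashes) into one consolidated BOM hash.
def merge_cyclonedx(boms, spec_version: '1.4')
  merged = {}
  boms.each do |bom|
    raise ArgumentError, 'not a CycloneDX document' unless bom['bomFormat'] == 'CycloneDX'
    (bom['components'] || []).each do |c|
      key = component_key(c)
      if merged.key?(key)
        # Same component seen in another report: union the license entries
        # instead of letting one report's data overwrite the other's.
        licenses = (merged[key]['licenses'] || []) | (c['licenses'] || [])
        merged[key]['licenses'] = licenses unless licenses.empty?
      else
        merged[key] = c.dup # shallow copy so the input reports stay untouched
      end
    end
  end
  {
    'bomFormat' => 'CycloneDX',
    'specVersion' => spec_version,
    'version' => 1,
    'components' => merged.values.sort_by { |c| component_key(c) }
  }
end

# Constructed sample reports (not taken from the test project).
REPORT_A = JSON.parse(<<~JSON)
  {"bomFormat":"CycloneDX","specVersion":"1.4","version":1,"components":[
    {"type":"library","name":"rack","version":"2.2.3","purl":"pkg:gem/rack@2.2.3",
     "licenses":[{"license":{"id":"MIT"}}]},
    {"type":"library","name":"lodash","version":"4.17.21","purl":"pkg:npm/lodash@4.17.21"}]}
JSON
REPORT_B = JSON.parse(<<~JSON)
  {"bomFormat":"CycloneDX","specVersion":"1.4","version":1,"components":[
    {"type":"library","name":"lodash","version":"4.17.21","purl":"pkg:npm/lodash@4.17.21",
     "licenses":[{"license":{"id":"MIT"}}]}]}
JSON

puts JSON.pretty_generate(merge_cyclonedx([REPORT_A, REPORT_B]))
```

When reviewing a consolidated export, the property to check is that the merged component count equals the number of distinct components across all input reports and that no license entry present in any input is missing from the output.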