Skip to content

Add merge SBOM service

Aditya Tiwari requested to merge add-merge-sbom-service into master

What does this MR do and why?

As a part of #333463 (closed) we are introducing the feature to export a consolidated SBOM report in cyclonedx format generated by a pipeline. This is MR-2 as per the implementation plan here.

This MR adds a MergeSbomService which merges all the SBOM reports passed to it. This also adds a JsonService which will be used for converting report object to JSON output. Here is the First MR of the issue.

Steps to Test:

Use the following code in rails console:

project = # Project with sbom reports and license data. You can use this project https://gitlab.com/atiwari71/dependency-list-test
pipeline = project.ci_pipelines.last
reports = pipeline.sbom_reports.reports

# Genrate merged sbom report
merged_report = Sbom::MergeReportsService.new(reports, project).execute

# Generate json output
s = Sbom::ExportSerializers::JsonService.new(merged_report).execute
s.as_json
s.to_json

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Follow-up issue

#422690 (closed)

Issue

#333463 (closed)

Edited by Aditya Tiwari

Merge request reports

Loading