Skip to content

Ingest software licenses into SBOM occurrences

mo khan requested to merge mokhax/422084/ingest-sbom_occurrences-licenses into master

What does this MR do and why?

This change updates the SBOM ingestion to record the software licenses associated with each component. It introduces an additional SQL query when ingesting an SBoM report.

10 components at a time.

SELECT
  "pm_packages".*
FROM
  "pm_packages"
WHERE ("pm_packages"."purl_type", "pm_packages"."name") IN (
  (3, 'actioncable'),
  (3, 'actionmailer'),
  (3, 'actiontext'),
  (3, 'actionview'),
  (3, 'activejob'),
  (3, 'activemodel'),
  (3, 'activerecord'),
  (3, 'activestorage'),
  (3, 'activesupport'),
  (3, 'zeitwerk')
);

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/21712/commands/70508

#422084 (closed)

image

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by mo khan

Merge request reports

Loading