Skip to content

Fix license category in license compliance widget

Marcos Rocha requested to merge mc_rocha-fix-license-widget-category-416006 into master

What does this MR do and why?

This MR fix the license check to return the correct category in the license compliance widget.

Related to: #416006 (closed)

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

MR widget

Screenshot_2023-10-19_at_5.11.29_PM

Full Report

Screenshot_2023-10-19_at_5.11.45_PM

How to set up and validate locally

  1. Create a blank project and select Initialize repository with a README when creating

  2. Add a Scan Result Policy to the project to Only allow new MIT licensed dependencies:

    type: scan_result_policy
    name: Only allow new MIT licensed dependencies
    description: ''
    enabled: true
    rules:
      - type: license_finding
        match_on_inclusion: false
        license_types:
          - MIT
        license_states:
          - newly_detected
        branch_type: protected
    actions:
      - type: require_approval
        approvals_required: 1
        group_approvers_ids:
          - 64024513
    approval_settings:
      block_protected_branch_modification:
        enabled: true
  3. Open an MR with the same diff as https://gitlab.com/gitlab-org/govern/security-policies/ali-test-group/debug_license_compliance_widget/-/merge_requests/1+

  4. Notice that both the License Compliance MR widget and the full report indicates the MIT licensed dependencies as Denied.

If the licenses are marked as unknown, you might need to run the LicensesSyncWorker. More instructions on how to run it locally can be found here(internal only).

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Marcos Rocha

Merge request reports

Loading