Hide SBOM pipeline status if no ID
What does this MR do and why?
The pipeline status component on the vulnerability report page always displays SBOM pipeline information even if there is no pipeline.
Related to Update Vuln Dashboard UI to include SBOM pipeli... (!128256 - merged)
Screenshots or screen recordings
Before | After |
---|---|
Validation
Prerequisites
- You need an EE license
- You need to have runners enabled (See $2408961 for setting up a runner)
Mock no SBOM pipeline
- Import https://gitlab.com/gitlab-examples/security/security-reports
- Edit file
.gitlab-ci.yml
and remove
include:
- template: Security/Dependency-Scanning.gitlab-ci.yml
- Run change on main and this should start a pipeline
- when pipeline is done, check vulnerability report and validate it does not show any SBOM pipeline status
With SBOM pipeline
- Add the removed lines again from
.gitlab-ci.yml
, run new pipeline and SBOM status is shown
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Lorenz van Herwaarden