Ingest container scanning sbom source
What does this MR do and why?
When parsing Container Scanning SBOM files, we need to extract additional details from `metadata.properties` and store them in the `sbom_source` table. We already do the same for Dependency Scanning metadata, so this MR applies the existing solution to Container Scanning metadata.
For more details, see Store Container Scanning image and operating sy... (#425995 - closed)
Details on implementation:
The majority of the changes in this MR were initially merged in !134004 (merged).
However, because of this issue, that MR was reverted.
This MR contains additional changes to the SBOM Source validation schema that should prevent the ingestion task from failing.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- Create a new project with the following CI config:

```yaml
variables:
  CS_IMAGE: 'photon:latest'
include:
  - template: Jobs/Container-Scanning.gitlab-ci.yml
```

- Run the CI pipeline
- Go to the Rails console
- Run `Sbom::Source.last`
- Observe a created Source object with these params:

```ruby
source_type: "container_scanning", source: {"image"=>{"tag"=>"latest", "name"=>"photon"}, "operating_system"=>{"name"=>"Photon OS", "version"=>"5.0"}}
```
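The extraction and validation step described above, as an added example that is not GitLab's own ingestion code. It assumes the Container Scanning properties follow a `gitlab:container_scanning:<section>:<key>` naming pattern (an assumption, not taken from this MR) and uses a hand-written required-keys check in place of the real validation schema, so that an incomplete `metadata.properties` is skipped rather than failing the ingestion task.

```ruby
# Added example; not GitLab's code. Property names are an assumption.
CS_PREFIX = 'gitlab:container_scanning:'.freeze

# Constructed CycloneDX metadata fragment matching the Source object shown above.
SAMPLE_METADATA = {
  'properties' => [
    { 'name' => 'gitlab:meta:schema_version', 'value' => '1' },
    { 'name' => "#{CS_PREFIX}image:name", 'value' => 'photon' },
    { 'name' => "#{CS_PREFIX}image:tag", 'value' => 'latest' },
    { 'name' => "#{CS_PREFIX}operating_system:name", 'value' => 'Photon OS' },
    { 'name' => "#{CS_PREFIX}operating_system:version", 'value' => '5.0' }
  ]
}.freeze

# Stand-in for the validation schema: sections and keys a source must carry.
REQUIRED = { 'image' => %w[name tag], 'operating_system' => %w[name version] }.freeze

# Builds the nested `source` hash from the flat metadata.properties entries,
# ignoring any property outside the container scanning namespace.
def extract_container_scanning_source(metadata)
  source = {}
  Array(metadata['properties']).each do |prop|
    name = prop['name'].to_s
    next unless name.start_with?(CS_PREFIX)
    section, key = name.delete_prefix(CS_PREFIX).split(':', 2)
    next if section.nil? || key.nil?
    (source[section] ||= {})[key] = prop['value']
  end
  source
end

# Returns "section.key" paths that are missing or blank; an empty list means valid.
def validation_errors(source)
  REQUIRED.flat_map do |section, keys|
    keys.reject { |k| source.dig(section, k).to_s != '' }.map { |k| "#{section}.#{k}" }
  end
end

# Ingestion decision: a valid source becomes a record with source_type
# "container_scanning"; an invalid one is skipped instead of raising.
def build_source_record(metadata)
  source = extract_container_scanning_source(metadata)
  errors = validation_errors(source)
  return { skipped: true, errors: errors } unless errors.empty?
  { source_type: 'container_scanning', source: source }
end
```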
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #425995 (closed)