feat: Decompose sbom_source_packages from sbom_occurrences
What does this MR do and why?
Transition sbom_source_packages to loose foreig... (#469539 - closed)
- Moves the `sbom_source_packages` table to the `gitlab_sec` DB
- Updates the `sbom_occurrences.source_package_id` fkey to allowlist cross database joins
Allowing cross DB joins is a temporary measure until we can migrate the `sbom_occurrences` table to the `gitlab_sec` DB as well, see parent epic for full scope of effort.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
This is somewhat involved but can be tested as described:

- The `gitlab_sec` DB can be enabled in GDK as either an independent database or the default behavior, falling back to using the main DB:

  ```shell
  gdk config set gitlab.rails.databases.sec.enabled true
  gdk reconfigure
  rake db:create db:migrate
  ```

- Ingest an SBOM report. Easiest way is using a fixture by setting the file as a CI job cyclonedx report artifact to be uploaded directly:

  ```yaml
  gemnasium-dependency_scanning:
    stage: test
    script: 'pwd'
    artifacts:
      reports:
        cyclonedx: "**/gl-sbom-*.cdx.json"
  ```

- Ensure pipeline has completed successfully and sidekiq jobs have completed
- Check Project dependency list for results
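A minimal constructed CycloneDX fixture, added here as an example and not part of this MR or the GitLab repo, that can be committed as `gl-sbom-example.cdx.json` so the job above uploads it. It carries one OS package with a source package so that ingestion has something to write into `sbom_source_packages`; the `gitlab:container_scanning:*` metadata property names and the `aquasecurity:trivy:SrcName`/`SrcVersion` component property names are assumptions about what the parser reads and should be checked against the fixtures under `spec/fixtures` before relying on them.

```json
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "version": 1,
  "serialNumber": "urn:uuid:00000000-0000-0000-0000-00000000c0de",
  "metadata": {
    "tools": [
      { "vendor": "GitLab", "name": "example-fixture", "version": "0.0.0" }
    ],
    "properties": [
      { "name": "gitlab:container_scanning:image:name", "value": "example/app" },
      { "name": "gitlab:container_scanning:image:tag", "value": "example-tag" },
      { "name": "gitlab:container_scanning:operating_system:name", "value": "debian" },
      { "name": "gitlab:container_scanning:operating_system:version", "value": "12" }
    ]
  },
  "components": [
    {
      "type": "library",
      "name": "libssl3",
      "version": "3.0.11-1~deb12u2",
      "purl": "pkg:deb/debian/libssl3@3.0.11-1~deb12u2?distro=debian-12",
      "properties": [
        { "name": "aquasecurity:trivy:SrcName", "value": "openssl" },
        { "name": "aquasecurity:trivy:SrcVersion", "value": "3.0.11-1~deb12u2" }
      ]
    },
    {
      "type": "library",
      "name": "openssl",
      "version": "3.0.11-1~deb12u2",
      "purl": "pkg:deb/debian/openssl@3.0.11-1~deb12u2?distro=debian-12",
      "properties": [
        { "name": "aquasecurity:trivy:SrcName", "value": "openssl" },
        { "name": "aquasecurity:trivy:SrcVersion", "value": "3.0.11-1~deb12u2" }
      ]
    }
  ]
}
```

Both components point at the same source package, so after the sidekiq ingestion jobs finish you would expect a single `sbom_source_packages` row referenced by two `sbom_occurrences` rows via `source_package_id`, which is the cross-database reference this MR allowlists.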
Edited by Lucas Charles