
Prevent CS SBOM from being parsed as ready for License Scanning rules

What does this MR do and why?

This MR adds logic to prevent the Container Scanning SBOM from being parsed and used for License Scanning Merge Request Approval Policies.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before / After screenshots (images not reproduced here)

How to set up and validate locally

  1. Create a new project.
  2. Add a `.gitlab-ci.yml` file:

```yaml
include:
  - template: Jobs/Container-Scanning.gitlab-ci.yml

variables:
  SECURE_LOG_LEVEL: 'debug'
  CS_IMAGE: 'ubuntu:latest'
```

  3. Run the pipeline, go to Pipeline -> Licenses and confirm that no licenses are listed in that tab.
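The behaviour the validation steps check is that a CycloneDX SBOM produced by the container scanning job contributes no licenses to the license scanning view or to the approval policies built on it. The following is an added illustration of that filtering, not GitLab's own code from this MR: it assumes, hypothetically, that each parsed CycloneDX report records its producing scanner under `metadata.tools[].name` and that the container scanning report carries the tool name `container-scanning`; the two sample reports are constructed for the example.

```ruby
require 'json'

# Assumed (hypothetical) identifier of the container scanning tool as it
# would appear in the CycloneDX metadata.tools list.
CONTAINER_SCANNING_TOOL = 'container-scanning'.freeze

# True when the report was produced by container scanning and must therefore
# not be used as a source of license data.
def sbom_from_container_scanning?(report)
  tools = report.dig('metadata', 'tools') || []
  tools.any? { |tool| tool['name'] == CONTAINER_SCANNING_TOOL }
end

# Keep only reports that are eligible as license scanning input.
def license_scanning_reports(reports)
  reports.reject { |report| sbom_from_container_scanning?(report) }
end

# Collect the SPDX license ids of every component in the eligible reports;
# an empty result means the Licenses tab would show nothing.
def collect_licenses(reports)
  license_scanning_reports(reports).flat_map do |report|
    (report['components'] || []).flat_map do |component|
      (component['licenses'] || []).map { |entry| entry.dig('license', 'id') }.compact
    end
  end.uniq.sort
end

# Constructed sample: a dependency scanning SBOM with one licensed component.
DEPENDENCY_SCANNING_SBOM = JSON.parse(<<~'SBOM')
  {
    "bomFormat": "CycloneDX",
    "metadata": { "tools": [ { "name": "dependency-scanning" } ] },
    "components": [
      { "name": "rack", "licenses": [ { "license": { "id": "MIT" } } ] }
    ]
  }
SBOM

# Constructed sample: a container scanning SBOM whose OS packages also carry
# license ids; these must be ignored for license scanning purposes.
CONTAINER_SCANNING_SBOM = JSON.parse(<<~'SBOM')
  {
    "bomFormat": "CycloneDX",
    "metadata": { "tools": [ { "name": "container-scanning" } ] },
    "components": [
      { "name": "libc6", "licenses": [ { "license": { "id": "LGPL-2.1-only" } } ] }
    ]
  }
SBOM

if __FILE__ == $PROGRAM_NAME
  puts collect_licenses([DEPENDENCY_SCANNING_SBOM, CONTAINER_SCANNING_SBOM]).inspect
  puts collect_licenses([CONTAINER_SCANNING_SBOM]).inspect
end
```

With only the container scanning report present, as in the validation pipeline above, the collected license list is empty; with both reports present, only the dependency scanning licenses survive.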
Edited by Alan (Maciej) Paruszewski
