Replace data source for CVS on sbom change (!162881) · Merge requests · GitLab.org / GitLab

Zamir Martins requested to merge replace_data_source_for_cvs_on_sbom_change into master Aug 15, 2024

What does this MR do and why?

Replace data source for CVS on sbom change. This feature is behind dependency_scanning_using_sbom_reports feature flag.

EE: true

Related issue: #464575 (closed)

edit: After the initial review it has been suggested that there should be some kind of optmization for the calls to ::Security::Ingestion::IngestCvsSliceService.execute. This change has been added as part of !162881 (b201e520)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

CVS on SBOM changes

gl-sbom-pypi-setuptools.cdx.json

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Edited Aug 22, 2024 by Zamir Martins

Replace data source for CVS on sbom change

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

CVS on SBOM changes

How to set up and validate locally

Merge request reports