Add SBoM Component tables and models
What does this MR do and why?
This is part one of a three-phase implementation for adding new models to support the tracking of Software Bill of Materials (SBoM) components in GitLab. SBoM is used to create an inventory of the software components which make up an application. We will have dependency scanning / container scanning CI jobs produce CycloneDX SBoM reports as job artifacts. These job artifacts will be consumed by Rails, parsed, and then stored inside these tables.
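As an added illustration of the ingestion flow described above (this is example code written for this page, not GitLab's own parser or models), the snippet below reads a constructed CycloneDX JSON report and splits its entries into the two kinds of rows the new tables hold: one `sbom_components` row per distinct name, and one `sbom_component_versions` row per distinct name/version pair. The column set and the text length limits are assumptions; the migration output only shows `name` and `version` being handled, with the `quote_column_name` lines suggesting a check constraint is built on each of those columns. Entries that would violate the assumed NOT NULL or length constraints are counted and skipped rather than aborting the whole report.

```ruby
# Added example, not GitLab code: extract component and version records from a
# CycloneDX JSON report in the shape the sbom_components / sbom_component_versions
# tables would store them. Column names and limits are assumptions.
require 'json'

# Constructed sample report in CycloneDX 1.4 JSON shape (not a real job artifact).
SAMPLE_SBOM = <<~JSON
  {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
      { "type": "library", "name": "rails",    "version": "7.0.3" },
      { "type": "library", "name": "rails",    "version": "6.1.6" },
      { "type": "library", "name": "nokogiri", "version": "1.13.6" },
      { "type": "library", "name": "nokogiri", "version": "1.13.6" },
      { "type": "library", "name": "",         "version": "1.0.0" },
      { "type": "library", "name": "rails",    "version": "7.0.3" }
    ]
  }
JSON

# Assumed text limits standing in for the tables' column constraints.
NAME_LIMIT = 255
VERSION_LIMIT = 255

class SbomParseError < StandardError; end

# Returns { components: [name, ...], versions: [[name, version], ...], skipped: n }.
# Both lists are de-duplicated and kept in first-seen order, so each element maps
# onto exactly one row of sbom_components or sbom_component_versions.
def extract_sbom_records(raw_json)
  doc = JSON.parse(raw_json)
  raise SbomParseError, 'not a CycloneDX report' unless doc['bomFormat'] == 'CycloneDX'

  components = []
  versions = []
  skipped = 0

  Array(doc['components']).each do |entry|
    name = entry['name'].to_s.strip
    version = entry['version'].to_s.strip

    # An empty name would violate NOT NULL; over-long values would violate the
    # assumed text limits. Skip the entry instead of failing the whole artifact.
    if name.empty? || name.length > NAME_LIMIT || version.length > VERSION_LIMIT
      skipped += 1
      next
    end

    components << name unless components.include?(name)
    pair = [name, version]
    versions << pair unless versions.include?(pair)
  end

  { components: components, versions: versions, skipped: skipped }
end

if __FILE__ == $PROGRAM_NAME
  result = extract_sbom_records(SAMPLE_SBOM)
  puts "components: #{result[:components].inspect}"
  puts "versions:   #{result[:versions].inspect}"
  puts "skipped:    #{result[:skipped]}"
end
```

Running the file prints two component names and three version pairs from the six sample entries, with the nameless entry counted as skipped. Keeping the split into two lists mirrors the two-table layout: a component row is shared across every version seen for that name, so the version table carries the per-version data.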
- Issue: #364576 (closed)
- Epic with more background on the feature: &7886
- Epic for SBoM ingestion: &8024 (closed)
We're using the following initial schema, which was determined from a research spike:
- Step 1: !90809 (merged) (this MR)
- Step 2: !90812 (merged)
- Step 3: !90814 (merged)
Migrations
$ scripts/db_tasks db:migrate:down VERSION=20220616182015
main: == 20220616182015 CreateSbomComponentVersions: reverting ======================
main: -- drop_table(:sbom_component_versions, {})
main: -> 0.0046s
main: == 20220616182015 CreateSbomComponentVersions: reverted (0.0087s) =============
$ scripts/db_tasks db:migrate:down VERSION=20220616182001
main: == 20220616182001 CreateSbomComponents: reverting =============================
main: -- drop_table(:sbom_components, {})
main: -> 0.0035s
main: == 20220616182001 CreateSbomComponents: reverted (0.0054s) ====================
$ scripts/db_tasks db:migrate
main: == 20220616182001 CreateSbomComponents: migrating =============================
main: -- create_table(:sbom_components, {})
main: -- quote_column_name(:name)
main: -> 0.0000s
main: -> 0.0052s
main: == 20220616182001 CreateSbomComponents: migrated (0.0059s) ====================
main: == 20220616182015 CreateSbomComponentVersions: migrating ======================
main: -- create_table(:sbom_component_versions, {})
main: -- quote_column_name(:version)
main: -> 0.0000s
main: -> 0.0056s
main: == 20220616182015 CreateSbomComponentVersions: migrated (0.0058s) =============
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Brian Williams