Skip to content
Snippets Groups Projects
Commit 1ac0c568 authored by Tetiana Chupryna's avatar Tetiana Chupryna
Browse files

Merge branch... 

Merge branch '384936-fallback-to-license-scanning-sbom-scanner-when-no-license-scanning-artifacts' into 'master'

Add behavior to fallback to SBoM license scanning

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111699



Merged-by: default avatarTetiana Chupryna <tchupryna@gitlab.com>
Approved-by: default avatarFabien Catteau <fcatteau@gitlab.com>
Approved-by: default avatarTetiana Chupryna <tchupryna@gitlab.com>
Co-authored-by: default avatarOscar Tovar <otovar@gitlab.com>
parents d3cf6864 2de5e814
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 258 additions and 179 deletions
ee/app/controllers/ee/projects/pipelines_controller.rb
+ 2
2
View file @ 1ac0c568
@@ -28,8 +28,8 @@ def security
end
 
def licenses
report = ::Gitlab::LicenseScanning.scanner_for_pipeline(project, pipeline)
return access_to_licenses_denied! unless report.has_data?
scanner = ::Gitlab::LicenseScanning.scanner_for_pipeline(project, pipeline)
return access_to_licenses_denied! unless scanner.has_data?
 
respond_to do |format|
format.html do
ee/lib/gitlab/license_scanning.rb
+ 21
9
View file @ 1ac0c568
@@ -3,20 +3,32 @@
module Gitlab
module LicenseScanning
def self.scanner_for_project(project, ref = project.default_branch)
klass = scanner_class(project)
pipeline = klass.latest_pipeline(project, ref)
klass.new(project, pipeline)
artifact_pipeline = ::Gitlab::LicenseScanning::ArtifactScanner.latest_pipeline(project, ref)
return ::Gitlab::LicenseScanning::ArtifactScanner.new(project, artifact_pipeline) unless Feature.enabled?(
:license_scanning_sbom_scanner, project)
sbom_pipeline = ::Gitlab::LicenseScanning::SbomScanner.latest_pipeline(project, ref)
# If the SBoM pipeline is newer than the artifact
# pipeline, then we use it instead since it has the
# latest license information. We determine which is
# newer by comparing their ids.
if sbom_pipeline&.id.to_i > artifact_pipeline&.id.to_i
::Gitlab::LicenseScanning::SbomScanner.new(project, sbom_pipeline)
else
::Gitlab::LicenseScanning::ArtifactScanner.new(project, artifact_pipeline)
end
end
 
def self.scanner_for_pipeline(project, pipeline)
klass = scanner_class(project)
klass.new(project, pipeline)
end
artifact_scanner = ::Gitlab::LicenseScanning::ArtifactScanner.new(project, pipeline)
return artifact_scanner unless Feature.enabled?(:license_scanning_sbom_scanner, project)
 
def self.scanner_class(project)
return ::Gitlab::LicenseScanning::SbomScanner if Feature.enabled?(:license_scanning_sbom_scanner, project)
return artifact_scanner if artifact_scanner.has_data?
 
::Gitlab::LicenseScanning::ArtifactScanner
::Gitlab::LicenseScanning::SbomScanner.new(project, pipeline)
end
end
end
ee/lib/gitlab/license_scanning/artifact_scanner.rb
+ 1
1
View file @ 1ac0c568
@@ -16,7 +16,7 @@ def report
def has_data?
return false if pipeline.blank?
 
pipeline.batch_lookup_report_artifact_for_file_type(:license_scanning).present?
pipeline.has_reports?(::Ci::JobArtifact.of_report_type(:license_scanning))
end
 
def results_available?
ee/spec/controllers/projects/dependencies_controller_spec.rb
+ 5
4
View file @ 1ac0c568
@@ -164,10 +164,9 @@
context 'with found license report' do
let(:user) { developer }
let(:pipeline) { create(:ee_ci_pipeline, :with_dependency_list_report, project: project) }
let(:license_build) { create(:ee_ci_build, :success, :license_scanning, pipeline: pipeline) }
 
before do
pipeline.builds << license_build
pipeline.builds << build
 
create(:pm_package_version_license, :with_all_relations, name: "nokogiri", purl_type: "gem",
version: "1.8.0", license_name: "BSD")
@@ -176,7 +175,9 @@
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
before_all do
let(:build) { create(:ee_ci_build, :success, :license_scanning, pipeline: pipeline) }
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
 
@@ -188,7 +189,7 @@
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
let(:pipeline) { create(:ee_ci_pipeline, :with_dependency_list_report, :with_cyclonedx_report, project: project) }
let(:build) { create(:ee_ci_build, :success, :cyclonedx, pipeline: pipeline) }
 
it 'includes license information in response' do
nokogiri = json_response['dependencies'].find { |dep| dep['name'] == 'nokogiri' }
ee/spec/controllers/projects/licenses_controller_spec.rb
+ 18
26
View file @ 1ac0c568
@@ -70,14 +70,9 @@
end
 
context 'with existing report' do
let_it_be(:pipeline) do
create(:ci_pipeline, project: project, status: :success,
builds: [
create(:ee_ci_build, :success, :license_scan_v2_1), create(:ee_ci_build, :success, :cyclonedx)
])
end
context 'when the license_scanning_sbom_scanner feature flag is disabled' do
let_it_be(:pipeline) { create(:ci_pipeline, project: project, status: :success, builds: [create(:ee_ci_build, :success, :license_scan_v2_1)]) }
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
get_licenses
@@ -129,7 +124,9 @@
end
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
context 'when the license_scanning_sbom_scanner feature flag is enabled' do
let_it_be(:pipeline) { create(:ee_ci_pipeline, status: :success, project: project, builds: [create(:ee_ci_build, :success, :cyclonedx)]) }
before do
create(:pm_package_version_license, :with_all_relations, name: "activesupport", purl_type: "gem", version: "5.1.4", license_name: "MIT")
create(:pm_package_version_license, :with_all_relations, name: "github.com/sirupsen/logrus", purl_type: "golang", version: "v1.4.2", license_name: "MIT")
@@ -188,23 +185,17 @@
end
 
context "when software policies are applied to some of the most recently detected licenses" do
let_it_be(:pipeline) do
create(:ci_pipeline, project: project, status: :success,
builds: [
create(:ee_ci_build, :success, :license_scan_v2_1), create(:ee_ci_build, :success, :cyclonedx)
])
end
context "when the license_scanning_sbom_scanner feature flag is false" do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
context "when the license_scanning_sbom_scanner feature flag is disabled" do
let_it_be(:pipeline) { create(:ci_pipeline, project: project, status: :success, builds: [create(:ee_ci_build, :success, :license_scan_v2_1)]) }
let_it_be(:mit) { create(:software_license, :mit) }
let_it_be(:mit_policy) { create(:software_license_policy, :denied, software_license: mit, project: project) }
let_it_be(:other_license) { create(:software_license, spdx_identifier: "Other-Id") }
let_it_be(:other_license_policy) { create(:software_license_policy, :allowed, software_license: other_license, project: project) }
 
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
context "when loading all policies" do
before do
get :index, params: {
@@ -367,7 +358,13 @@
end
end
 
context "when the license_scanning_sbom_scanner feature flag is true" do
context "when the license_scanning_sbom_scanner feature flag is enabled" do
let_it_be(:pipeline) { create(:ee_ci_pipeline, status: :success, project: project, builds: [create(:ee_ci_build, :success, :cyclonedx)]) }
let_it_be(:mit) { create(:software_license, :mit) }
let_it_be(:mit_policy) { create(:software_license_policy, :denied, software_license: mit, project: project) }
let_it_be(:other_license) { create(:software_license, spdx_identifier: "Other-Id") }
let_it_be(:other_license_policy) { create(:software_license_policy, :allowed, software_license: other_license, project: project) }
before do
create(:pm_package_version_license, :with_all_relations, name: "activesupport", purl_type: "gem", version: "5.1.4", license_name: "MIT")
create(:pm_package_version_license, :with_all_relations, name: "github.com/sirupsen/logrus", purl_type: "golang", version: "v1.4.2", license_name: "MIT")
@@ -377,11 +374,6 @@
get_licenses
end
 
let_it_be(:mit) { create(:software_license, :mit) }
let_it_be(:mit_policy) { create(:software_license_policy, :denied, software_license: mit, project: project) }
let_it_be(:other_license) { create(:software_license, spdx_identifier: "Other-Id") }
let_it_be(:other_license_policy) { create(:software_license_policy, :allowed, software_license: other_license, project: project) }
context "when loading all policies" do
before do
get :index, params: {
ee/spec/controllers/projects/pipelines_controller_spec.rb
+ 113
95
View file @ 1ac0c568
@@ -87,11 +87,9 @@
 
let(:payload) { Gitlab::Json.parse(licenses_with_json.body) }
 
context 'with a license scanning artifact' do
before do
build = create(:ci_build, pipeline: pipeline)
create(:ee_ci_job_artifact, :license_scanning, job: build)
end
context 'with a license_scanning report' do
let_it_be(:build) { create(:ci_build, pipeline: pipeline) }
let_it_be(:report) { create(:ee_ci_job_artifact, :license_scanning, job: build) }
 
context 'with feature enabled' do
before do
@@ -125,84 +123,135 @@
stub_licensed_features(license_scanning: true)
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
# Tests fallback behavior which states that we use license_scanning reports
# if they exist and only fallback to SboM scanning when they do not,
[false, true].each do |flag_status|
context "when the license_scanning_sbom_scanner feature flag is #{flag_status ? 'enabled' : 'disabled'}" do
let(:scanner) { ::Gitlab::LicenseScanning.scanner_for_pipeline(project, pipeline) }
 
it 'returns license scanning report in json format' do
expect(payload.size).to eq(pipeline.license_scanning_report.licenses.size)
expect(payload.first.keys).to match_array(%w(name classification dependencies count url))
end
before do
stub_feature_flags(license_scanning_sbom_scanner: flag_status)
end
 
it 'returns MIT license allowed status' do
payload_mit = payload.find { |l| l['name'] == 'MIT' }
expect(payload_mit['count']).to eq(pipeline.license_scanning_report.licenses.find { |x| x.name == 'MIT' }.count)
expect(payload_mit['url']).to eq('http://opensource.org/licenses/mit-license')
expect(payload_mit['classification']['approval_status']).to eq('allowed')
end
it 'returns license scanning report in json format' do
expect(payload.size).to eq(scanner.report.licenses.size)
expect(payload.first.keys).to match_array(%w(name classification dependencies count url))
end
 
context 'approval_status' do
subject(:status) { payload.find { |l| l['name'] == 'MIT' }.dig('classification', 'approval_status') }
it 'returns MIT license allowed status' do
payload_mit = payload.find { |l| l['name'] == 'MIT' }
expect(payload_mit['count']).to eq(scanner.report.licenses.find { |x| x.name == 'MIT' }.count)
expect(payload_mit['url']).to eq('http://opensource.org/licenses/mit-license')
expect(payload_mit['classification']['approval_status']).to eq('allowed')
end
 
it { is_expected.to eq('allowed') }
end
context 'approval_status' do
subject(:status) { payload.find { |l| l['name'] == 'MIT' }.dig('classification', 'approval_status') }
 
it 'returns the JSON license data sorted by license name' do
expect(payload.pluck('name')).to eq([
'Apache 2.0',
'MIT',
'New BSD',
'unknown'
])
end
it { is_expected.to eq('allowed') }
end
 
it 'returns a JSON representation of the license data' do
expect(payload).to be_present
it 'returns the JSON license data sorted by license name' do
expect(payload.pluck('name')).to eq([
'Apache 2.0',
'MIT',
'New BSD',
'unknown'
])
end
 
payload.each do |item|
expect(item['name']).to be_present
expect(item['classification']).to have_key('id')
expect(item.dig('classification', 'approval_status')).to be_present
expect(item.dig('classification', 'name')).to be_present
expect(item).to have_key('dependencies')
item['dependencies'].each do |dependency|
expect(dependency['name']).to be_present
it 'returns a JSON representation of the license data' do
expect(payload).to be_present
payload.each do |item|
expect(item['name']).to be_present
expect(item['classification']).to have_key('id')
expect(item.dig('classification', 'approval_status')).to be_present
expect(item.dig('classification', 'name')).to be_present
expect(item).to have_key('dependencies')
item['dependencies'].each do |dependency|
expect(dependency['name']).to be_present
end
expect(item['count']).to be_present
expect(item).to have_key('url')
end
expect(item['count']).to be_present
expect(item).to have_key('url')
end
end
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
let_it_be(:project) { create(:project, :repository) }
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_cyclonedx_report, project: project) }
context "when not authorized" do
before do
# Seed the database with licenses for some of the components using the deprecated
# license scanning artifact as a source.
components = Gitlab::LicenseScanning::PipelineComponents.new(pipeline: pipeline).fetch
components.each do |c|
licenses = []
pipeline.license_scanning_report.licenses.each do |license|
license.dependencies.each { |dep| licenses << license.name if c.name == dep.name }
end
allow(controller).to receive(:can?).and_call_original
allow(controller).to receive(:can?).with(user, :read_licenses, project).and_return(false)
 
licenses.each do |license_name|
create(:pm_package_version_license, :with_all_relations, name: c.name, purl_type: c.purl_type, version: c.version, license_name: license_name)
end
end
licenses_with_json
end
 
specify { expect(response).to have_gitlab_http_status(:not_found) }
end
end
context 'with feature disabled' do
before do
licenses_with_html
end
it 'redirects to the pipeline page' do
expect(response).to redirect_to(pipeline_path(pipeline))
end
end
context 'with feature disabled json' do
before do
licenses_with_json
end
it 'will not return report' do
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with a cyclonedx report' do
let_it_be(:build) { create(:ci_build, pipeline: pipeline) }
let_it_be(:report) { create(:ee_ci_job_artifact, :cyclonedx, job: build) }
before do
create(:pm_package_version_license, :with_all_relations, name: "esutils", purl_type: "npm", version: "2.0.3", license_name: "BSD-2-Clause")
create(:pm_package_version_license, :with_all_relations, name: "github.com/astaxie/beego", purl_type: "golang", version: "v1.10.0", license_name: "Apache-2.0")
create(:pm_package_version_license, :with_all_relations, name: "nokogiri", purl_type: "gem", version: "1.8.0", license_name: "MIT")
end
context 'with feature enabled' do
before do
stub_licensed_features(license_scanning: true)
licenses_with_html
end
context 'when the license_scanning_sbom_scanner feature flag is true' do
it 'responds with a 200 and show the template' do
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template :show
end
end
end
context 'with feature enabled json' do
let(:scanner) { ::Gitlab::LicenseScanning.scanner_for_pipeline(project, pipeline) }
before do
stub_licensed_features(license_scanning: true)
end
context "when the license_scanning_sbom_scanner feature flag is enabled" do
it 'returns license scanning report in json format' do
expect(payload.size).to eq(4)
expect(payload.size).to eq(scanner.report.licenses.size)
expect(payload.first.keys).to match_array(%w(name classification dependencies count url))
end
 
it 'returns MIT license allowed status' do
payload_mit = payload.find { |l| l['name'] == 'MIT' }
expect(payload_mit['count']).to eq(13)
expect(payload_mit['count']).to eq(scanner.report.licenses.find { |x| x.name == 'MIT' }.count)
expect(payload_mit['url']).to be_empty
expect(payload_mit['classification']['approval_status']).to eq('allowed')
end
@@ -215,9 +264,9 @@
 
it 'returns the JSON license data sorted by license name' do
expect(payload.pluck('name')).to eq([
'Apache 2.0',
'Apache-2.0',
'BSD-2-Clause',
'MIT',
'New BSD',
'unknown'
])
end
@@ -239,41 +288,10 @@
end
end
end
context "when not authorized" do
before do
allow(controller).to receive(:can?).and_call_original
allow(controller).to receive(:can?).with(user, :read_licenses, project).and_return(false)
licenses_with_json
end
specify { expect(response).to have_gitlab_http_status(:not_found) }
end
end
context 'with feature disabled' do
before do
licenses_with_html
end
it 'redirects to the pipeline page' do
expect(response).to redirect_to(pipeline_path(pipeline))
end
end
context 'with feature disabled json' do
before do
licenses_with_json
end
it 'will not return report' do
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
 
context 'without license scanning artifact' do
context 'without a license_scanning or cyclonedx report' do
context 'with feature enabled' do
before do
stub_licensed_features(license_scanning: true)
ee/spec/features/projects/licenses/maintainer_views_policies_spec.rb
+ 6
1
View file @ 1ac0c568
@@ -55,7 +55,7 @@
context "when a pipeline exists" do
let_it_be(:pipeline) do
create(:ee_ci_pipeline, project: project, status: :success,
builds: [create(:ee_ci_build, :license_scan_v2, :success), create(:ee_ci_build, :cyclonedx, :success)])
builds: [create(:ee_ci_build, :license_scan_v2, :success)])
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
@@ -77,6 +77,11 @@
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
let_it_be(:pipeline) do
create(:ee_ci_pipeline, project: project, status: :success,
builds: [create(:ee_ci_build, :cyclonedx, :success)])
end
it 'displays licenses detected in the most recent scan report' do
known_licenses.each do |license|
selector = "div[data-spdx-id='#{license['id']}'"
ee/spec/lib/gitlab/license_scanning_spec.rb
+ 79
32
View file @ 1ac0c568
@@ -38,32 +38,54 @@
end
end
 
context('when the license_scanning_sbom_scanner feature flag is true for the given project') do
context 'when the license_scanning_sbom_scanner feature flag is true for the given project' do
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_cyclonedx_report, project: project) }
let_it_be(:latest_pipeline) { nil }
 
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
stub_feature_flags(license_scanning_sbom_scanner: project)
end
 
it "returns an SBOM scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
context "when project only has pipelines with a sbom report" do
it "returns an sbom scanner" do
expect(scanner).to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
 
context "with default ref" do
it "contains a pipeline" do
expect(scanner.pipeline).to eq(pipeline)
context "with default ref" do
it "contains a pipeline" do
expect(scanner.pipeline).to eq(pipeline)
end
end
context "with provided ref" do
subject(:scanner) { described_class.scanner_for_project(project, "license_scanning_branch") }
let_it_be(:pipeline_2) do
create(:ee_ci_pipeline, :with_cyclonedx_report, project: project, ref: "license_scanning_branch")
end
it "contains a pipeline" do
expect(scanner.pipeline).to eq(pipeline_2)
end
end
end
 
context "with provided ref" do
subject(:scanner) { described_class.scanner_for_project(project, "license_scanning_branch") }
context "when project has pipelines with license scanning and sbom reports" do
context "when the license scanning report is newer than the sbom report" do
let_it_be(:latest_pipeline) { create(:ee_ci_pipeline, :with_license_scanning_report, project: project) }
 
let_it_be(:pipeline_2) do
create(:ee_ci_pipeline, :with_cyclonedx_report, project: project, ref: "license_scanning_branch")
it "returns an artifact scanner" do
expect(scanner).to be_a_kind_of(::Gitlab::LicenseScanning::ArtifactScanner)
end
end
 
it "contains a pipeline" do
expect(scanner.pipeline).to eq(pipeline_2)
context "when the sbom report is newer than the license scanning report" do
let_it_be(:latest_pipeline) { create(:ee_ci_pipeline, :with_cyclonedx_report, project: project) }
it "returns an sbom scanner" do
expect(scanner).to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
end
end
end
@@ -72,18 +94,18 @@
describe "#scanner_for_pipeline" do
subject(:scanner) { described_class.scanner_for_pipeline(project, pipeline) }
 
context('when the license_scanning_sbom_scanner feature flag is false') do
context 'when the license_scanning_sbom_scanner feature flag is false' do
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_license_scanning_report, project: project) }
 
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
 
it "returns an artifact scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::ArtifactScanner)
end
context "with default branch pipeline" do
it "returns an artifact scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::ArtifactScanner)
end
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline)
end
@@ -96,38 +118,63 @@
create(:ee_ci_pipeline, :with_license_scanning_report, project: project, ref: "license_scanning_branch")
end
 
it "returns an artifact scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::ArtifactScanner)
end
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline_2)
end
end
end
 
context('when the license_scanning_sbom_scanner feature flag is true for the given pipeline.project') do
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_cyclonedx_report, project: project) }
context 'when the license_scanning_sbom_scanner feature flag is true for the given pipeline.project' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
stub_feature_flags(license_scanning_sbom_scanner: project)
end
 
it "returns an SBOM scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
context "when pipeline has only an sbom report" do
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_cyclonedx_report, project: project) }
 
context "with default branch pipeline" do
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline)
it "returns an sbom scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
context "with default branch pipeline" do
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline)
end
end
context "with non-default branch pipeline" do
subject(:scanner) { described_class.scanner_for_pipeline(project, pipeline_2) }
let_it_be(:pipeline_2) do
create(:ee_ci_pipeline, :with_cyclonedx_report, project: project, ref: "license_scanning_branch")
end
it "returns an sbom scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline_2)
end
end
end
 
context "with non-default branch pipeline" do
subject(:scanner) { described_class.scanner_for_pipeline(project, pipeline_2) }
context "when pipeline has license scanning and sbom reports" do
let_it_be(:pipeline) do
create(:ee_ci_pipeline, :with_license_scanning_report, :with_cyclonedx_report, project: project)
end
 
let_it_be(:pipeline_2) do
create(:ee_ci_pipeline, :with_license_scanning_report, project: project, ref: "license_scanning_branch")
it "returns an artifact scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::ArtifactScanner)
end
 
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline_2)
expect(scanner.pipeline).to eq(pipeline)
end
end
end
ee/spec/models/merge_request_spec.rb
+ 13
9
View file @ 1ac0c568
@@ -282,7 +282,7 @@
synchronous_reactive_cache(merge_request)
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
context 'when the license_scanning_sbom_scanner feature flag is disabled' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
@@ -290,7 +290,7 @@
it { is_expected.to be_truthy }
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
context 'when the license_scanning_sbom_scanner feature flag is enabled' do
let(:merge_request) { create(:ee_merge_request, :with_cyclonedx_reports, source_project: project) }
let(:denied_policy) { build(:software_license_policy, :denied, software_license: build(:software_license, :apache_2_0)) }
 
@@ -318,7 +318,7 @@
allow_any_instance_of(ApprovalWrappedRule).to receive(:approved?).and_return(false)
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
context 'when the license_scanning_sbom_scanner feature flag is disabled' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
@@ -326,7 +326,7 @@
it { is_expected.to be_truthy }
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
context 'when the license_scanning_sbom_scanner feature flag is enabled' do
let(:merge_request) { create(:ee_merge_request, :with_cyclonedx_reports, source_project: project) }
let(:denied_policy) { build(:software_license_policy, :denied, software_license: build(:software_license, :apache_2_0)) }
 
@@ -344,7 +344,7 @@
allow_any_instance_of(ApprovalWrappedRule).to receive(:approved?).and_return(true)
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
context 'when the license_scanning_sbom_scanner feature flag is disabled' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
@@ -352,7 +352,7 @@
it { is_expected.to be_falsey }
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
context 'when the license_scanning_sbom_scanner feature flag is enabled' do
it { is_expected.to be_falsey }
end
end
@@ -757,7 +757,7 @@
end
end
 
describe '#compare_license_scanning_reports' do
describe '#compare_license_scanning_reports', feature_category: :license_compliance do
subject { merge_request.compare_license_scanning_reports(current_user) }
 
let(:current_user) { project.users.first }
@@ -877,7 +877,7 @@
end
end
 
describe '#compare_license_scanning_reports_collapsed' do
describe '#compare_license_scanning_reports_collapsed', feature_category: :license_compliance do
subject(:report) { merge_request.compare_license_scanning_reports_collapsed(current_user) }
 
let(:current_user) { project.users.first }
@@ -901,7 +901,11 @@
before do
merge_request.update!(head_pipeline_id: head_pipeline.id)
 
allow_next_instance_of(::Gitlab::LicenseScanning::BaseScanner) do |scanner|
allow_next_instance_of(::Gitlab::LicenseScanning::ArtifactScanner) do |scanner|
allow(scanner).to receive(:results_available?).and_return(true)
end
allow_next_instance_of(::Gitlab::LicenseScanning::SbomScanner) do |scanner|
allow(scanner).to receive(:results_available?).and_return(true)
end
end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment