Skip to content
Snippets Groups Projects
Commit 2de5e814 authored by Oscar Tovar's avatar Oscar Tovar Committed by Tetiana Chupryna
Browse files

Fallback to SBOM license scanning 

When the license scanning sbom scanner FF
is enabled, the license_scanning artifacts
should be prioritized over the SBOM reports.
When finding the scanner for a project, we
determine this by returning the scanner that
has the most recent data. For pipelines, we
first check if it has a license_scanning report
and then fallback to using an SBoM scanner.
parent 8fb2c69e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 258 additions and 179 deletions
ee/app/controllers/ee/projects/pipelines_controller.rb
+ 2
2
View file @ 2de5e814
@@ -28,8 +28,8 @@ def security
end
 
def licenses
report = ::Gitlab::LicenseScanning.scanner_for_pipeline(project, pipeline)
return access_to_licenses_denied! unless report.has_data?
scanner = ::Gitlab::LicenseScanning.scanner_for_pipeline(project, pipeline)
return access_to_licenses_denied! unless scanner.has_data?
 
respond_to do |format|
format.html do
ee/lib/gitlab/license_scanning.rb
+ 21
9
View file @ 2de5e814
@@ -3,20 +3,32 @@
module Gitlab
module LicenseScanning
def self.scanner_for_project(project, ref = project.default_branch)
klass = scanner_class(project)
pipeline = klass.latest_pipeline(project, ref)
klass.new(project, pipeline)
artifact_pipeline = ::Gitlab::LicenseScanning::ArtifactScanner.latest_pipeline(project, ref)
return ::Gitlab::LicenseScanning::ArtifactScanner.new(project, artifact_pipeline) unless Feature.enabled?(
:license_scanning_sbom_scanner, project)
sbom_pipeline = ::Gitlab::LicenseScanning::SbomScanner.latest_pipeline(project, ref)
# If the SBoM pipeline is newer than the artifact
# pipeline, then we use it instead since it has the
# latest license information. We determine which is
# newer by comparing their ids.
if sbom_pipeline&.id.to_i > artifact_pipeline&.id.to_i
::Gitlab::LicenseScanning::SbomScanner.new(project, sbom_pipeline)
else
::Gitlab::LicenseScanning::ArtifactScanner.new(project, artifact_pipeline)
end
end
 
def self.scanner_for_pipeline(project, pipeline)
klass = scanner_class(project)
klass.new(project, pipeline)
end
artifact_scanner = ::Gitlab::LicenseScanning::ArtifactScanner.new(project, pipeline)
return artifact_scanner unless Feature.enabled?(:license_scanning_sbom_scanner, project)
 
def self.scanner_class(project)
return ::Gitlab::LicenseScanning::SbomScanner if Feature.enabled?(:license_scanning_sbom_scanner, project)
return artifact_scanner if artifact_scanner.has_data?
 
::Gitlab::LicenseScanning::ArtifactScanner
::Gitlab::LicenseScanning::SbomScanner.new(project, pipeline)
end
end
end
ee/lib/gitlab/license_scanning/artifact_scanner.rb
+ 1
1
View file @ 2de5e814
@@ -16,7 +16,7 @@ def report
def has_data?
return false if pipeline.blank?
 
pipeline.batch_lookup_report_artifact_for_file_type(:license_scanning).present?
pipeline.has_reports?(::Ci::JobArtifact.of_report_type(:license_scanning))
end
 
def results_available?
ee/spec/controllers/projects/dependencies_controller_spec.rb
+ 5
4
View file @ 2de5e814
@@ -164,10 +164,9 @@
context 'with found license report' do
let(:user) { developer }
let(:pipeline) { create(:ee_ci_pipeline, :with_dependency_list_report, project: project) }
let(:license_build) { create(:ee_ci_build, :success, :license_scanning, pipeline: pipeline) }
 
before do
pipeline.builds << license_build
pipeline.builds << build
 
create(:pm_package_version_license, :with_all_relations, name: "nokogiri", purl_type: "gem",
version: "1.8.0", license_name: "BSD")
@@ -176,7 +175,9 @@
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
before_all do
let(:build) { create(:ee_ci_build, :success, :license_scanning, pipeline: pipeline) }
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
 
@@ -188,7 +189,7 @@
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
let(:pipeline) { create(:ee_ci_pipeline, :with_dependency_list_report, :with_cyclonedx_report, project: project) }
let(:build) { create(:ee_ci_build, :success, :cyclonedx, pipeline: pipeline) }
 
it 'includes license information in response' do
nokogiri = json_response['dependencies'].find { |dep| dep['name'] == 'nokogiri' }
ee/spec/controllers/projects/licenses_controller_spec.rb
+ 18
26
View file @ 2de5e814
@@ -70,14 +70,9 @@
end
 
context 'with existing report' do
let_it_be(:pipeline) do
create(:ci_pipeline, project: project, status: :success,
builds: [
create(:ee_ci_build, :success, :license_scan_v2_1), create(:ee_ci_build, :success, :cyclonedx)
])
end
context 'when the license_scanning_sbom_scanner feature flag is disabled' do
let_it_be(:pipeline) { create(:ci_pipeline, project: project, status: :success, builds: [create(:ee_ci_build, :success, :license_scan_v2_1)]) }
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
get_licenses
@@ -129,7 +124,9 @@
end
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
context 'when the license_scanning_sbom_scanner feature flag is enabled' do
let_it_be(:pipeline) { create(:ee_ci_pipeline, status: :success, project: project, builds: [create(:ee_ci_build, :success, :cyclonedx)]) }
before do
create(:pm_package_version_license, :with_all_relations, name: "activesupport", purl_type: "gem", version: "5.1.4", license_name: "MIT")
create(:pm_package_version_license, :with_all_relations, name: "github.com/sirupsen/logrus", purl_type: "golang", version: "v1.4.2", license_name: "MIT")
@@ -188,23 +185,17 @@
end
 
context "when software policies are applied to some of the most recently detected licenses" do
let_it_be(:pipeline) do
create(:ci_pipeline, project: project, status: :success,
builds: [
create(:ee_ci_build, :success, :license_scan_v2_1), create(:ee_ci_build, :success, :cyclonedx)
])
end
context "when the license_scanning_sbom_scanner feature flag is false" do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
context "when the license_scanning_sbom_scanner feature flag is disabled" do
let_it_be(:pipeline) { create(:ci_pipeline, project: project, status: :success, builds: [create(:ee_ci_build, :success, :license_scan_v2_1)]) }
let_it_be(:mit) { create(:software_license, :mit) }
let_it_be(:mit_policy) { create(:software_license_policy, :denied, software_license: mit, project: project) }
let_it_be(:other_license) { create(:software_license, spdx_identifier: "Other-Id") }
let_it_be(:other_license_policy) { create(:software_license_policy, :allowed, software_license: other_license, project: project) }
 
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
context "when loading all policies" do
before do
get :index, params: {
@@ -367,7 +358,13 @@
end
end
 
context "when the license_scanning_sbom_scanner feature flag is true" do
context "when the license_scanning_sbom_scanner feature flag is enabled" do
let_it_be(:pipeline) { create(:ee_ci_pipeline, status: :success, project: project, builds: [create(:ee_ci_build, :success, :cyclonedx)]) }
let_it_be(:mit) { create(:software_license, :mit) }
let_it_be(:mit_policy) { create(:software_license_policy, :denied, software_license: mit, project: project) }
let_it_be(:other_license) { create(:software_license, spdx_identifier: "Other-Id") }
let_it_be(:other_license_policy) { create(:software_license_policy, :allowed, software_license: other_license, project: project) }
before do
create(:pm_package_version_license, :with_all_relations, name: "activesupport", purl_type: "gem", version: "5.1.4", license_name: "MIT")
create(:pm_package_version_license, :with_all_relations, name: "github.com/sirupsen/logrus", purl_type: "golang", version: "v1.4.2", license_name: "MIT")
@@ -377,11 +374,6 @@
get_licenses
end
 
let_it_be(:mit) { create(:software_license, :mit) }
let_it_be(:mit_policy) { create(:software_license_policy, :denied, software_license: mit, project: project) }
let_it_be(:other_license) { create(:software_license, spdx_identifier: "Other-Id") }
let_it_be(:other_license_policy) { create(:software_license_policy, :allowed, software_license: other_license, project: project) }
context "when loading all policies" do
before do
get :index, params: {
ee/spec/controllers/projects/pipelines_controller_spec.rb
+ 113
95
View file @ 2de5e814
@@ -87,11 +87,9 @@
 
let(:payload) { Gitlab::Json.parse(licenses_with_json.body) }
 
context 'with a license scanning artifact' do
before do
build = create(:ci_build, pipeline: pipeline)
create(:ee_ci_job_artifact, :license_scanning, job: build)
end
context 'with a license_scanning report' do
let_it_be(:build) { create(:ci_build, pipeline: pipeline) }
let_it_be(:report) { create(:ee_ci_job_artifact, :license_scanning, job: build) }
 
context 'with feature enabled' do
before do
@@ -125,84 +123,135 @@
stub_licensed_features(license_scanning: true)
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
# Tests fallback behavior which states that we use license_scanning reports
# if they exist and only fallback to SboM scanning when they do not,
[false, true].each do |flag_status|
context "when the license_scanning_sbom_scanner feature flag is #{flag_status ? 'enabled' : 'disabled'}" do
let(:scanner) { ::Gitlab::LicenseScanning.scanner_for_pipeline(project, pipeline) }
 
it 'returns license scanning report in json format' do
expect(payload.size).to eq(pipeline.license_scanning_report.licenses.size)
expect(payload.first.keys).to match_array(%w(name classification dependencies count url))
end
before do
stub_feature_flags(license_scanning_sbom_scanner: flag_status)
end
 
it 'returns MIT license allowed status' do
payload_mit = payload.find { |l| l['name'] == 'MIT' }
expect(payload_mit['count']).to eq(pipeline.license_scanning_report.licenses.find { |x| x.name == 'MIT' }.count)
expect(payload_mit['url']).to eq('http://opensource.org/licenses/mit-license')
expect(payload_mit['classification']['approval_status']).to eq('allowed')
end
it 'returns license scanning report in json format' do
expect(payload.size).to eq(scanner.report.licenses.size)
expect(payload.first.keys).to match_array(%w(name classification dependencies count url))
end
 
context 'approval_status' do
subject(:status) { payload.find { |l| l['name'] == 'MIT' }.dig('classification', 'approval_status') }
it 'returns MIT license allowed status' do
payload_mit = payload.find { |l| l['name'] == 'MIT' }
expect(payload_mit['count']).to eq(scanner.report.licenses.find { |x| x.name == 'MIT' }.count)
expect(payload_mit['url']).to eq('http://opensource.org/licenses/mit-license')
expect(payload_mit['classification']['approval_status']).to eq('allowed')
end
 
it { is_expected.to eq('allowed') }
end
context 'approval_status' do
subject(:status) { payload.find { |l| l['name'] == 'MIT' }.dig('classification', 'approval_status') }
 
it 'returns the JSON license data sorted by license name' do
expect(payload.pluck('name')).to eq([
'Apache 2.0',
'MIT',
'New BSD',
'unknown'
])
end
it { is_expected.to eq('allowed') }
end
 
it 'returns a JSON representation of the license data' do
expect(payload).to be_present
it 'returns the JSON license data sorted by license name' do
expect(payload.pluck('name')).to eq([
'Apache 2.0',
'MIT',
'New BSD',
'unknown'
])
end
 
payload.each do |item|
expect(item['name']).to be_present
expect(item['classification']).to have_key('id')
expect(item.dig('classification', 'approval_status')).to be_present
expect(item.dig('classification', 'name')).to be_present
expect(item).to have_key('dependencies')
item['dependencies'].each do |dependency|
expect(dependency['name']).to be_present
it 'returns a JSON representation of the license data' do
expect(payload).to be_present
payload.each do |item|
expect(item['name']).to be_present
expect(item['classification']).to have_key('id')
expect(item.dig('classification', 'approval_status')).to be_present
expect(item.dig('classification', 'name')).to be_present
expect(item).to have_key('dependencies')
item['dependencies'].each do |dependency|
expect(dependency['name']).to be_present
end
expect(item['count']).to be_present
expect(item).to have_key('url')
end
expect(item['count']).to be_present
expect(item).to have_key('url')
end
end
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
let_it_be(:project) { create(:project, :repository) }
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_cyclonedx_report, project: project) }
context "when not authorized" do
before do
# Seed the database with licenses for some of the components using the deprecated
# license scanning artifact as a source.
components = Gitlab::LicenseScanning::PipelineComponents.new(pipeline: pipeline).fetch
components.each do |c|
licenses = []
pipeline.license_scanning_report.licenses.each do |license|
license.dependencies.each { |dep| licenses << license.name if c.name == dep.name }
end
allow(controller).to receive(:can?).and_call_original
allow(controller).to receive(:can?).with(user, :read_licenses, project).and_return(false)
 
licenses.each do |license_name|
create(:pm_package_version_license, :with_all_relations, name: c.name, purl_type: c.purl_type, version: c.version, license_name: license_name)
end
end
licenses_with_json
end
 
specify { expect(response).to have_gitlab_http_status(:not_found) }
end
end
context 'with feature disabled' do
before do
licenses_with_html
end
it 'redirects to the pipeline page' do
expect(response).to redirect_to(pipeline_path(pipeline))
end
end
context 'with feature disabled json' do
before do
licenses_with_json
end
it 'will not return report' do
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with a cyclonedx report' do
let_it_be(:build) { create(:ci_build, pipeline: pipeline) }
let_it_be(:report) { create(:ee_ci_job_artifact, :cyclonedx, job: build) }
before do
create(:pm_package_version_license, :with_all_relations, name: "esutils", purl_type: "npm", version: "2.0.3", license_name: "BSD-2-Clause")
create(:pm_package_version_license, :with_all_relations, name: "github.com/astaxie/beego", purl_type: "golang", version: "v1.10.0", license_name: "Apache-2.0")
create(:pm_package_version_license, :with_all_relations, name: "nokogiri", purl_type: "gem", version: "1.8.0", license_name: "MIT")
end
context 'with feature enabled' do
before do
stub_licensed_features(license_scanning: true)
licenses_with_html
end
context 'when the license_scanning_sbom_scanner feature flag is true' do
it 'responds with a 200 and show the template' do
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template :show
end
end
end
context 'with feature enabled json' do
let(:scanner) { ::Gitlab::LicenseScanning.scanner_for_pipeline(project, pipeline) }
before do
stub_licensed_features(license_scanning: true)
end
context "when the license_scanning_sbom_scanner feature flag is enabled" do
it 'returns license scanning report in json format' do
expect(payload.size).to eq(4)
expect(payload.size).to eq(scanner.report.licenses.size)
expect(payload.first.keys).to match_array(%w(name classification dependencies count url))
end
 
it 'returns MIT license allowed status' do
payload_mit = payload.find { |l| l['name'] == 'MIT' }
expect(payload_mit['count']).to eq(13)
expect(payload_mit['count']).to eq(scanner.report.licenses.find { |x| x.name == 'MIT' }.count)
expect(payload_mit['url']).to be_empty
expect(payload_mit['classification']['approval_status']).to eq('allowed')
end
@@ -215,9 +264,9 @@
 
it 'returns the JSON license data sorted by license name' do
expect(payload.pluck('name')).to eq([
'Apache 2.0',
'Apache-2.0',
'BSD-2-Clause',
'MIT',
'New BSD',
'unknown'
])
end
@@ -239,41 +288,10 @@
end
end
end
context "when not authorized" do
before do
allow(controller).to receive(:can?).and_call_original
allow(controller).to receive(:can?).with(user, :read_licenses, project).and_return(false)
licenses_with_json
end
specify { expect(response).to have_gitlab_http_status(:not_found) }
end
end
context 'with feature disabled' do
before do
licenses_with_html
end
it 'redirects to the pipeline page' do
expect(response).to redirect_to(pipeline_path(pipeline))
end
end
context 'with feature disabled json' do
before do
licenses_with_json
end
it 'will not return report' do
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
 
context 'without license scanning artifact' do
context 'without a license_scanning or cyclonedx report' do
context 'with feature enabled' do
before do
stub_licensed_features(license_scanning: true)
ee/spec/features/projects/licenses/maintainer_views_policies_spec.rb
+ 6
1
View file @ 2de5e814
@@ -55,7 +55,7 @@
context "when a pipeline exists" do
let_it_be(:pipeline) do
create(:ee_ci_pipeline, project: project, status: :success,
builds: [create(:ee_ci_build, :license_scan_v2, :success), create(:ee_ci_build, :cyclonedx, :success)])
builds: [create(:ee_ci_build, :license_scan_v2, :success)])
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
@@ -77,6 +77,11 @@
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
let_it_be(:pipeline) do
create(:ee_ci_pipeline, project: project, status: :success,
builds: [create(:ee_ci_build, :cyclonedx, :success)])
end
it 'displays licenses detected in the most recent scan report' do
known_licenses.each do |license|
selector = "div[data-spdx-id='#{license['id']}'"
ee/spec/lib/gitlab/license_scanning_spec.rb
+ 79
32
View file @ 2de5e814
@@ -38,32 +38,54 @@
end
end
 
context('when the license_scanning_sbom_scanner feature flag is true for the given project') do
context 'when the license_scanning_sbom_scanner feature flag is true for the given project' do
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_cyclonedx_report, project: project) }
let_it_be(:latest_pipeline) { nil }
 
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
stub_feature_flags(license_scanning_sbom_scanner: project)
end
 
it "returns an SBOM scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
context "when project only has pipelines with a sbom report" do
it "returns an sbom scanner" do
expect(scanner).to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
 
context "with default ref" do
it "contains a pipeline" do
expect(scanner.pipeline).to eq(pipeline)
context "with default ref" do
it "contains a pipeline" do
expect(scanner.pipeline).to eq(pipeline)
end
end
context "with provided ref" do
subject(:scanner) { described_class.scanner_for_project(project, "license_scanning_branch") }
let_it_be(:pipeline_2) do
create(:ee_ci_pipeline, :with_cyclonedx_report, project: project, ref: "license_scanning_branch")
end
it "contains a pipeline" do
expect(scanner.pipeline).to eq(pipeline_2)
end
end
end
 
context "with provided ref" do
subject(:scanner) { described_class.scanner_for_project(project, "license_scanning_branch") }
context "when project has pipelines with license scanning and sbom reports" do
context "when the license scanning report is newer than the sbom report" do
let_it_be(:latest_pipeline) { create(:ee_ci_pipeline, :with_license_scanning_report, project: project) }
 
let_it_be(:pipeline_2) do
create(:ee_ci_pipeline, :with_cyclonedx_report, project: project, ref: "license_scanning_branch")
it "returns an artifact scanner" do
expect(scanner).to be_a_kind_of(::Gitlab::LicenseScanning::ArtifactScanner)
end
end
 
it "contains a pipeline" do
expect(scanner.pipeline).to eq(pipeline_2)
context "when the sbom report is newer than the license scanning report" do
let_it_be(:latest_pipeline) { create(:ee_ci_pipeline, :with_cyclonedx_report, project: project) }
it "returns an sbom scanner" do
expect(scanner).to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
end
end
end
@@ -72,18 +94,18 @@
describe "#scanner_for_pipeline" do
subject(:scanner) { described_class.scanner_for_pipeline(project, pipeline) }
 
context('when the license_scanning_sbom_scanner feature flag is false') do
context 'when the license_scanning_sbom_scanner feature flag is false' do
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_license_scanning_report, project: project) }
 
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
 
it "returns an artifact scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::ArtifactScanner)
end
context "with default branch pipeline" do
it "returns an artifact scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::ArtifactScanner)
end
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline)
end
@@ -96,38 +118,63 @@
create(:ee_ci_pipeline, :with_license_scanning_report, project: project, ref: "license_scanning_branch")
end
 
it "returns an artifact scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::ArtifactScanner)
end
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline_2)
end
end
end
 
context('when the license_scanning_sbom_scanner feature flag is true for the given pipeline.project') do
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_cyclonedx_report, project: project) }
context 'when the license_scanning_sbom_scanner feature flag is true for the given pipeline.project' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
stub_feature_flags(license_scanning_sbom_scanner: project)
end
 
it "returns an SBOM scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
context "when pipeline has only an sbom report" do
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_cyclonedx_report, project: project) }
 
context "with default branch pipeline" do
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline)
it "returns an sbom scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
context "with default branch pipeline" do
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline)
end
end
context "with non-default branch pipeline" do
subject(:scanner) { described_class.scanner_for_pipeline(project, pipeline_2) }
let_it_be(:pipeline_2) do
create(:ee_ci_pipeline, :with_cyclonedx_report, project: project, ref: "license_scanning_branch")
end
it "returns an sbom scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::SbomScanner)
end
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline_2)
end
end
end
 
context "with non-default branch pipeline" do
subject(:scanner) { described_class.scanner_for_pipeline(project, pipeline_2) }
context "when pipeline has license scanning and sbom reports" do
let_it_be(:pipeline) do
create(:ee_ci_pipeline, :with_license_scanning_report, :with_cyclonedx_report, project: project)
end
 
let_it_be(:pipeline_2) do
create(:ee_ci_pipeline, :with_license_scanning_report, project: project, ref: "license_scanning_branch")
it "returns an artifact scanner" do
is_expected.to be_a_kind_of(::Gitlab::LicenseScanning::ArtifactScanner)
end
 
it "returns a pipeline" do
expect(scanner.pipeline).to eq(pipeline_2)
expect(scanner.pipeline).to eq(pipeline)
end
end
end
ee/spec/models/merge_request_spec.rb
+ 13
9
View file @ 2de5e814
@@ -282,7 +282,7 @@
synchronous_reactive_cache(merge_request)
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
context 'when the license_scanning_sbom_scanner feature flag is disabled' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
@@ -290,7 +290,7 @@
it { is_expected.to be_truthy }
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
context 'when the license_scanning_sbom_scanner feature flag is enabled' do
let(:merge_request) { create(:ee_merge_request, :with_cyclonedx_reports, source_project: project) }
let(:denied_policy) { build(:software_license_policy, :denied, software_license: build(:software_license, :apache_2_0)) }
 
@@ -318,7 +318,7 @@
allow_any_instance_of(ApprovalWrappedRule).to receive(:approved?).and_return(false)
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
context 'when the license_scanning_sbom_scanner feature flag is disabled' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
@@ -326,7 +326,7 @@
it { is_expected.to be_truthy }
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
context 'when the license_scanning_sbom_scanner feature flag is enabled' do
let(:merge_request) { create(:ee_merge_request, :with_cyclonedx_reports, source_project: project) }
let(:denied_policy) { build(:software_license_policy, :denied, software_license: build(:software_license, :apache_2_0)) }
 
@@ -344,7 +344,7 @@
allow_any_instance_of(ApprovalWrappedRule).to receive(:approved?).and_return(true)
end
 
context 'when the license_scanning_sbom_scanner feature flag is false' do
context 'when the license_scanning_sbom_scanner feature flag is disabled' do
before do
stub_feature_flags(license_scanning_sbom_scanner: false)
end
@@ -352,7 +352,7 @@
it { is_expected.to be_falsey }
end
 
context 'when the license_scanning_sbom_scanner feature flag is true' do
context 'when the license_scanning_sbom_scanner feature flag is enabled' do
it { is_expected.to be_falsey }
end
end
@@ -757,7 +757,7 @@
end
end
 
describe '#compare_license_scanning_reports' do
describe '#compare_license_scanning_reports', feature_category: :license_compliance do
subject { merge_request.compare_license_scanning_reports(current_user) }
 
let(:current_user) { project.users.first }
@@ -877,7 +877,7 @@
end
end
 
describe '#compare_license_scanning_reports_collapsed' do
describe '#compare_license_scanning_reports_collapsed', feature_category: :license_compliance do
subject(:report) { merge_request.compare_license_scanning_reports_collapsed(current_user) }
 
let(:current_user) { project.users.first }
@@ -901,7 +901,11 @@
before do
merge_request.update!(head_pipeline_id: head_pipeline.id)
 
allow_next_instance_of(::Gitlab::LicenseScanning::BaseScanner) do |scanner|
allow_next_instance_of(::Gitlab::LicenseScanning::ArtifactScanner) do |scanner|
allow(scanner).to receive(:results_available?).and_return(true)
end
allow_next_instance_of(::Gitlab::LicenseScanning::SbomScanner) do |scanner|
allow(scanner).to receive(:results_available?).and_return(true)
end
end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment