
Diffstat (limited to 'lib/gitlab/ci/reports')
-rw-r--r--lib/gitlab/ci/reports/codequality_reports.rb2
-rw-r--r--lib/gitlab/ci/reports/sbom/component.rb25
-rw-r--r--lib/gitlab/ci/reports/sbom/report.rb4
-rw-r--r--lib/gitlab/ci/reports/security/finding.rb12
-rw-r--r--lib/gitlab/ci/reports/security/flag.rb4
-rw-r--r--lib/gitlab/ci/reports/security/reports.rb8
6 files changed, 52 insertions, 3 deletions
diff --git a/lib/gitlab/ci/reports/codequality_reports.rb b/lib/gitlab/ci/reports/codequality_reports.rb
index 353d359fde8..3196bf3fc6d 100644
--- a/lib/gitlab/ci/reports/codequality_reports.rb
+++ b/lib/gitlab/ci/reports/codequality_reports.rb
@@ -37,8 +37,6 @@ module Gitlab
end.to_h
end
- private
-
def valid_degradation?(degradation)
JSONSchemer.schema(Pathname.new(CODECLIMATE_SCHEMA_PATH)).valid?(degradation)
rescue StandardError => _
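Review bot: Now that `valid_degradation?` is public, the `JSONSchemer.schema(Pathname.new(CODECLIMATE_SCHEMA_PATH))` call on the line after the removed `private` still reads and compiles the schema from disk on every invocation, so an external caller validating one degradation at a time pays that cost per item; memoize it with `def schema` / `@schema ||= JSONSchemer.schema(Pathname.new(CODECLIMATE_SCHEMA_PATH))` / `end` and call `schema.valid?(degradation)`. The `rescue StandardError => _` on the last visible line also means a missing or unreadable schema file presumably surfaces the same way as a malformed degradation rather than as a configuration error, which is worth a comment such as `# Any schema-load or validation error is treated as an invalid degradation` now that callers outside the class depend on it. The method body continues past the end of the hunk.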
diff --git a/lib/gitlab/ci/reports/sbom/component.rb b/lib/gitlab/ci/reports/sbom/component.rb
index 198b34451b4..5188304f4ed 100644
--- a/lib/gitlab/ci/reports/sbom/component.rb
+++ b/lib/gitlab/ci/reports/sbom/component.rb
@@ -7,11 +7,34 @@ module Gitlab
class Component
attr_reader :component_type, :name, :version
- def initialize(type:, name:, version:)
+ def initialize(type:, name:, purl:, version:)
@component_type = type
@name = name
+ @purl = purl
@version = version
end
+
+ def ingestible?
+ supported_component_type? && supported_purl_type?
+ end
+
+ def purl
+ return unless @purl
+
+ ::Sbom::PackageUrl.parse(@purl)
+ end
+
+ private
+
+ def supported_component_type?
+ ::Enums::Sbom.component_types.include?(component_type.to_sym)
+ end
+
+ def supported_purl_type?
+ return true unless purl
+
+ ::Enums::Sbom.purl_types.include?(purl.type.to_sym)
+ end
end
end
end
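Review bot: `ingestible?` can raise instead of answering false, because `purl` hands `@purl` straight to `::Sbom::PackageUrl.parse` and `supported_purl_type?` calls it with no error handling; a malformed purl string in a scanner-produced SBOM (report content, so effectively untrusted input) would abort ingestion of the whole report rather than skipping the component. `purl` is also re-parsed on every call, and `supported_purl_type?` calls it twice (once for the nil check, once for `.type`). I would memoize the parsed value and make `supported_purl_type?` treat an unparseable purl as unsupported, narrowing the rescue to whatever `::Sbom::PackageUrl.parse` raises on bad input, which is not visible here. Separately, `component_type.to_sym` in `supported_component_type?` raises `NoMethodError` if `type:` is nil; if the report schema does not already guarantee the field, `component_type.to_s.to_sym` or an explicit nil guard would keep this predicate total.
```ruby
def purl
  return unless @purl

  # Parse once; ingestible? consults this twice per component.
  @parsed_purl ||= ::Sbom::PackageUrl.parse(@purl)
end

# … unchanged: private, supported_component_type? …

def supported_purl_type?
  return true unless purl

  ::Enums::Sbom.purl_types.include?(purl.type.to_sym)
rescue StandardError # TODO(review): narrow to the error ::Sbom::PackageUrl.parse raises for a malformed purl
  false
end
```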
diff --git a/lib/gitlab/ci/reports/sbom/report.rb b/lib/gitlab/ci/reports/sbom/report.rb
index 4f84d12f78c..51fa8ce0d2e 100644
--- a/lib/gitlab/ci/reports/sbom/report.rb
+++ b/lib/gitlab/ci/reports/sbom/report.rb
@@ -12,6 +12,10 @@ module Gitlab
@errors = []
end
+ def valid?
+ errors.empty?
+ end
+
def add_error(error)
errors << error
end
diff --git a/lib/gitlab/ci/reports/security/finding.rb b/lib/gitlab/ci/reports/security/finding.rb
index 911a7f5d358..dd9b9cc6d55 100644
--- a/lib/gitlab/ci/reports/security/finding.rb
+++ b/lib/gitlab/ci/reports/security/finding.rb
@@ -156,6 +156,14 @@ module Gitlab
signatures.present?
end
+ def false_positive?
+ flags.any?(&:false_positive?)
+ end
+
+ def remediation_byte_offsets
+ remediations.map(&:byte_offsets).compact
+ end
+
def raw_metadata
@raw_metadata ||= original_data.to_json
end
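Review bot: `false_positive?` answers from `flags`, and if those flags are populated from the scanner-produced report the way the rest of this class reads `original_data`, the job that generated the artifact can mark any of its own findings as a false positive; the predicate is then fine for display and triage hints but must not on its own relax an approval rule or policy check. A comment stating that trust boundary would keep a future caller from using it as a gate: `# Derived from scanner-supplied flags; treat as a hint, not as evidence for policy decisions.` `remediation_byte_offsets` looks fine — `compact` drops remediations that carry no offsets — though a one-line comment saying so (`# Remediations without byte offsets are skipped`) would spare the next reader a trip to the Remediation class.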
@@ -176,6 +184,10 @@ module Gitlab
original_data['location']
end
+ def assets
+ original_data['assets'] || []
+ end
+
# Returns either the max priority signature hex
# or the location fingerprint
def location_fingerprint
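Review bot: `assets` defaults only the nil case — `original_data['assets'] || []` — so any truthy non-array value from the report (a string, a hash) is returned as-is and will surprise callers that iterate it. If the report schema is validated before a Finding is built this is moot, but the class does not show that; otherwise guard the shape explicitly, e.g. `value = original_data['assets']` / `value.is_a?(Array) ? value : []`, and note the assumption in a comment such as `# Expects the report's 'assets' to be an array of hashes; anything else is treated as absent`.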
diff --git a/lib/gitlab/ci/reports/security/flag.rb b/lib/gitlab/ci/reports/security/flag.rb
index 8370dd60418..e1fbd4c0eff 100644
--- a/lib/gitlab/ci/reports/security/flag.rb
+++ b/lib/gitlab/ci/reports/security/flag.rb
@@ -27,6 +27,10 @@ module Gitlab
description: description
}.compact
end
+
+ def false_positive?
+ flag_type == :false_positive
+ end
end
end
end
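Review bot: `false_positive?` compares `flag_type == :false_positive` against a symbol, and nothing in this hunk shows `flag_type` being normalised; if the initializer (outside the hunk) stores the value as it arrives from the report, a string `'false_positive'` never matches and every finding reads as not-a-false-positive. Either coerce in the initializer (`@flag_type = type.to_sym`) or compare loosely here, `flag_type.to_s == 'false_positive'`, and add a one-line comment recording which representation `flag_type` holds so the two stay in step.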
diff --git a/lib/gitlab/ci/reports/security/reports.rb b/lib/gitlab/ci/reports/security/reports.rb
index b6372349f68..5c08381d5cc 100644
--- a/lib/gitlab/ci/reports/security/reports.rb
+++ b/lib/gitlab/ci/reports/security/reports.rb
@@ -23,6 +23,10 @@ module Gitlab
end
def violates_default_policy_against?(target_reports, vulnerabilities_allowed, severity_levels, vulnerability_states, report_types = [])
+ if Feature.enabled?(:require_approval_on_scan_removal, pipeline.project) && scan_removed?(target_reports)
+ return true
+ end
+
unsafe_findings_count(target_reports, severity_levels, vulnerability_states, report_types) > vulnerabilities_allowed
end
@@ -36,6 +40,10 @@ module Gitlab
new_uuids = unsafe_findings_uuids(severity_levels, report_types) - target_reports&.unsafe_findings_uuids(severity_levels, report_types).to_a
new_uuids.count
end
+
+ def scan_removed?(target_reports)
+ (target_reports&.reports&.keys.to_a - reports.keys).any?
+ end
end
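Review bot: `scan_removed?` flags any report type present in `target_reports` and absent here, regardless of the `report_types` the policy was evaluated with, so under the flag a policy scoped to, say, `sast` would demand approval because an unrelated scan disappeared between the pipelines; `violates_default_policy_against?` already receives `report_types` (in the earlier hunk) but does not pass it on. If restricting to the policy's own scan types is the intended semantics, intersect the removed keys with `report_types` when one is given, matching the key type that `unsafe_findings_uuids` uses (not visible here). Note for readers that a missing target (`target_reports` nil) yields `[]` and therefore false, i.e. no target pipeline is never treated as a removed scan.
```ruby
def scan_removed?(target_reports, report_types = [])
  removed = target_reports&.reports&.keys.to_a - reports.keys
  # Only scans the policy cares about count as removed; an empty filter keeps the old behaviour.
  removed &= report_types if report_types.present?
  removed.any?
end
```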
end
end