Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/ci/parsers/sbom/component.rb | 59 | ||||
-rw-r--r-- | lib/gitlab/ci/parsers/sbom/cyclonedx.rb | 10 | ||||
-rw-r--r-- | lib/gitlab/ci/reports/sbom/component.rb | 14 |
3 files changed, 64 insertions, 19 deletions
diff --git a/lib/gitlab/ci/parsers/sbom/component.rb b/lib/gitlab/ci/parsers/sbom/component.rb
new file mode 100644
index 00000000000..1a4aa5071ae
--- /dev/null
+++ b/lib/gitlab/ci/parsers/sbom/component.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Ci
+    module Parsers
+      module Sbom
+        class Component
+          include Gitlab::Utils::StrongMemoize
+
+          TRIVY_SOURCE_PACKAGE_FIELD = 'SrcName'
+
+          def initialize(data)
+            @data = data
+          end
+
+          def parse
+            ::Gitlab::Ci::Reports::Sbom::Component.new(
+              type: data['type'],
+              name: data['name'],
+              purl: purl,
+              version: data['version'],
+              properties: properties,
+              source_package_name: source_package_name
+            )
+          end
+
+          private
+
+          attr_reader :data
+
+          def purl
+            return unless data['purl']
+
+            ::Sbom::PackageUrl.parse(data['purl'])
+          end
+          strong_memoize_attr :purl
+
+          def properties
+            CyclonedxProperties.parse_trivy_source(data['properties'])
+          end
+          strong_memoize_attr :properties
+
+          def source_package_name
+            return unless container_scanning_component?
+
+            properties&.data&.dig(TRIVY_SOURCE_PACKAGE_FIELD) || data['name']
+          end
+
+          def container_scanning_component?
+            return false unless data['purl']
+
+            Enums::Sbom.container_scanning_purl_type?(purl.type)
+          end
+          strong_memoize_attr :container_scanning_component?
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/ci/parsers/sbom/cyclonedx.rb b/lib/gitlab/ci/parsers/sbom/cyclonedx.rb
index 62cd322e141..9c48dd69a41 100644
--- a/lib/gitlab/ci/parsers/sbom/cyclonedx.rb
+++ b/lib/gitlab/ci/parsers/sbom/cyclonedx.rb
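Review bot: `source_package_name` falls back to `data['name']` only when the Trivy property is nil, so a present-but-blank `SrcName` value (an empty string is truthy in Ruby) would be passed through as the source package name; if the fallback is meant to cover that case as well, `properties&.data&.dig(TRIVY_SOURCE_PACKAGE_FIELD).presence || data['name']` does it (ActiveSupport's `presence` should be in scope in this codebase — confirm). The class also leaves undocumented the contract that matters most to callers: `parse` eagerly parses `data['purl']` and can raise `::Sbom::PackageUrl::InvalidPackageUrl`, which `Cyclonedx#parse_components` rescues per component; a header comment such as `# Builds a Reports::Sbom::Component from one CycloneDX components entry; raises ::Sbom::PackageUrl::InvalidPackageUrl for a malformed purl` would make that explicit. A short comment on `TRIVY_SOURCE_PACKAGE_FIELD` noting that it is the Trivy-specific property key consulted only for container-scanning purl types would help the next reader too.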
@@ -58,15 +58,7 @@ module Gitlab
 
           def parse_components
             data['components']&.each_with_index do |component_data, index|
-              properties = component_data['properties']
-              component = ::Gitlab::Ci::Reports::Sbom::Component.new(
-                type: component_data['type'],
-                name: component_data['name'],
-                purl: component_data['purl'],
-                version: component_data['version']
-              )
-
-              component.properties = CyclonedxProperties.parse_trivy_source(properties) if properties
+              component = Component.new(component_data).parse
               report.add_component(component) if component.ingestible?
             rescue ::Sbom::PackageUrl::InvalidPackageUrl
               report.add_error("/components/#{index}/purl is invalid")
diff --git a/lib/gitlab/ci/reports/sbom/component.rb b/lib/gitlab/ci/reports/sbom/component.rb
index 1a3f689c1d7..6cc588d113c 100644
--- a/lib/gitlab/ci/reports/sbom/component.rb
+++ b/lib/gitlab/ci/reports/sbom/component.rb
@@ -8,14 +8,15 @@ module Gitlab
           include Gitlab::Utils::StrongMemoize
 
           attr_reader :component_type, :version, :path
-          attr_accessor :properties
+          attr_accessor :properties, :purl, :source_package_name
 
-          def initialize(type:, name:, purl:, version:, properties: nil)
+          def initialize(type:, name:, purl:, version:, properties: nil, source_package_name: nil)
             @component_type = type
             @name = name
-            @raw_purl = purl
+            @purl = purl
             @version = version
             @properties = properties
+            @source_package_name = source_package_name
           end
 
           def <=>(other)
@@ -26,13 +27,6 @@ module Gitlab
             supported_component_type? && supported_purl_type?
           end
 
-          def purl
-            return unless @raw_purl
-
-            ::Sbom::PackageUrl.parse(@raw_purl)
-          end
-          strong_memoize_attr :purl
-
           def purl_type
             purl.type
           end
|
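Review bot: The `rescue ::Sbom::PackageUrl::InvalidPackageUrl` around the new `Component.new(component_data).parse` line now guards an eager purl parse rather than the lazy one the old report component did (presumably reached through `ingestible?`), and nothing in the hunk records that; a one-line comment, `# Component#parse parses the purl eagerly; a malformed purl is reported as a per-component error below`, would keep a later refactor from hoisting the construction out of the rescued block. Anything else `Component#parse` raises — for example from `CyclonedxProperties.parse_trivy_source` on an unexpected `properties` shape — still propagates out of the loop as it did before this change; I cannot tell from this hunk whether that helper raises, so it is worth confirming. `parse_components` continues outside the hunk.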
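Review bot: `initialize` keeps the keyword name `purl:` while the value it now stores is expected to be an already-parsed object — `purl_type` calls `purl.type` on it directly and the lazy `::Sbom::PackageUrl.parse` is removed in the next hunk — so any remaining caller that still passes the raw purl string would fail with `NoMethodError` on `type` instead of `InvalidPackageUrl`, and nothing in the class says so. Documenting the parameter on `initialize`, `# @param purl [::Sbom::PackageUrl, nil] an already-parsed purl; parsing happens in Parsers::Sbom::Component`, would make the new contract visible. `attr_accessor :purl` also exposes a writer that lets the parsed value be replaced after construction; `attr_reader` looks sufficient unless a caller assigns it. Other call sites are not visible from this diff, so the breaking-caller point is something to grep for rather than a certainty.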