7 files changed, 131 insertions, 4 deletions

diff --git a/spec/lib/gitlab/ci/reports/sbom/component_spec.rb b/spec/lib/gitlab/ci/reports/sbom/component_spec.rb
new file mode 100644
index 00000000000..672117c311f
--- /dev/null
+++ b/spec/lib/gitlab/ci/reports/sbom/component_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Ci::Reports::Sbom::Component do
+  let(:attributes) do
+    {
+      'type' => 'library',
+      'name' => 'component-name',
+      'version' => 'v0.0.1'
+    }
+  end
+
+  subject { described_class.new(attributes) }
+
+  it 'has correct attributes' do
+    expect(subject).to have_attributes(
+      component_type: 'library',
+      name: 'component-name',
+      version: 'v0.0.1'
+    )
+  end
+end
diff --git a/spec/lib/gitlab/ci/reports/sbom/report_spec.rb b/spec/lib/gitlab/ci/reports/sbom/report_spec.rb
new file mode 100644
index 00000000000..d7a285ab13c
--- /dev/null
+++ b/spec/lib/gitlab/ci/reports/sbom/report_spec.rb
@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Ci::Reports::Sbom::Report do
+  subject(:report) { described_class.new }
+
+  describe '#add_error' do
+    it 'appends errors to a list' do
+      report.add_error('error1')
+      report.add_error('error2')
+
+      expect(report.errors).to match_array(%w[error1 error2])
+    end
+  end
+
+  describe '#set_source' do
+    let_it_be(:source) do
+      {
+        'type' => :dependency_scanning,
+        'data' => {
+          'input_file' => { 'path' => 'package-lock.json' },
+          'source_file' => { 'path' => 'package.json' },
+          'package_manager' => { 'name' => 'npm' },
+          'language' => { 'name' => 'JavaScript' }
+        },
+        'fingerprint' => 'c01df1dc736c1148717e053edbde56cb3a55d3e31f87cea955945b6f67c17d42'
+      }
+    end
+
+    it 'stores the source' do
+      report.set_source(source)
+
+      expect(report.source).to be_a(Gitlab::Ci::Reports::Sbom::Source)
+    end
+  end
+
+  describe '#add_component' do
+    let_it_be(:components) do
+      [
+        { 'type' => 'library', 'name' => 'component1', 'version' => 'v0.0.1' },
+        { 'type' => 'library', 'name' => 'component2', 'version' => 'v0.0.2' },
+        { 'type' => 'library', 'name' => 'component2' }
+      ]
+    end
+
+    it 'appends components to a list' do
+      components.each { |component| report.add_component(component) }
+
+      expect(report.components.size).to eq(3)
+      expect(report.components).to all(be_a(Gitlab::Ci::Reports::Sbom::Component))
+    end
+  end
+end
diff --git a/spec/lib/gitlab/ci/reports/sbom/reports_spec.rb b/spec/lib/gitlab/ci/reports/sbom/reports_spec.rb
new file mode 100644
index 00000000000..97d8d7abb33
--- /dev/null
+++ b/spec/lib/gitlab/ci/reports/sbom/reports_spec.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Ci::Reports::Sbom::Reports do
+  subject(:reports_list) { described_class.new }
+
+  describe '#add_report' do
+    let(:rep1) { Gitlab::Ci::Reports::Sbom::Report.new }
+    let(:rep2) { Gitlab::Ci::Reports::Sbom::Report.new }
+
+    it 'appends the report to the report list' do
+      reports_list.add_report(rep1)
+      reports_list.add_report(rep2)
+
+      expect(reports_list.reports.length).to eq(2)
+      expect(reports_list.reports.first).to eq(rep1)
+      expect(reports_list.reports.last).to eq(rep2)
+    end
+  end
+end
diff --git a/spec/lib/gitlab/ci/reports/sbom/source_spec.rb b/spec/lib/gitlab/ci/reports/sbom/source_spec.rb
new file mode 100644
index 00000000000..2d6434534a0
--- /dev/null
+++ b/spec/lib/gitlab/ci/reports/sbom/source_spec.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Ci::Reports::Sbom::Source do
+  let(:attributes) do
+    {
+      'type' => :dependency_scanning,
+      'data' => {
+        'category' => 'development',
+        'input_file' => { 'path' => 'package-lock.json' },
+        'source_file' => { 'path' => 'package.json' },
+        'package_manager' => { 'name' => 'npm' },
+        'language' => { 'name' => 'JavaScript' }
+      },
+      'fingerprint' => '4dbcb747e6f0fb3ed4f48d96b777f1d64acdf43e459fdfefad404e55c004a188'
+    }
+  end
+
+  subject { described_class.new(attributes) }
+
+  it 'has correct attributes' do
+    expect(subject).to have_attributes(
+      source_type: attributes['type'],
+      data: attributes['data'],
+      fingerprint: attributes['fingerprint']
+    )
+  end
+end
diff --git a/spec/lib/gitlab/ci/reports/security/reports_spec.rb b/spec/lib/gitlab/ci/reports/security/reports_spec.rb
index 79eee642552..e240edc4a12 100644
--- a/spec/lib/gitlab/ci/reports/security/reports_spec.rb
+++ b/spec/lib/gitlab/ci/reports/security/reports_spec.rb
@@ -57,7 +57,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Reports do
     let(:high_severity_dast) { build(:ci_reports_security_finding, severity: 'high', report_type: 'dast') }
     let(:vulnerabilities_allowed) { 0 }
     let(:severity_levels) { %w(critical high) }
-    let(:vulnerability_states) { %w(newly_detected)}
+    let(:vulnerability_states) { %w(newly_detected) }
 
     subject { security_reports.violates_default_policy_against?(target_reports, vulnerabilities_allowed, severity_levels, vulnerability_states) }
 
diff --git a/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb b/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb
index 44e66fd9028..6f75e2c55e8 100644
--- a/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb
+++ b/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb
@@ -60,7 +60,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
     end
 
     describe '#added' do
-      let(:new_location) {build(:ci_reports_security_locations_sast, :dynamic) }
+      let(:new_location) { build(:ci_reports_security_locations_sast, :dynamic) }
       let(:vul_params) { vuln_params(project.id, [identifier], confidence: :high) }
       let(:vuln) { build(:ci_reports_security_finding, severity: Enums::Vulnerability.severity_levels[:critical], location: new_location, **vul_params) }
       let(:low_vuln) { build(:ci_reports_security_finding, severity: Enums::Vulnerability.severity_levels[:low], location: new_location, **vul_params) }
diff --git a/spec/lib/gitlab/ci/reports/test_suite_spec.rb b/spec/lib/gitlab/ci/reports/test_suite_spec.rb
index 1d6b39a7831..4a1f77bed65 100644
--- a/spec/lib/gitlab/ci/reports/test_suite_spec.rb
+++ b/spec/lib/gitlab/ci/reports/test_suite_spec.rb
@@ -91,7 +91,7 @@ RSpec.describe Gitlab::Ci::Reports::TestSuite do
     subject { test_suite.with_attachment! }
 
     context 'when test cases do not contain an attachment' do
-      let(:test_case) { build(:report_test_case, :failed)}
+      let(:test_case) { build(:report_test_case, :failed) }
 
       before do
         test_suite.add_test_case(test_case)
@@ -103,7 +103,7 @@ RSpec.describe Gitlab::Ci::Reports::TestSuite do
     end
 
     context 'when test cases contain an attachment' do
-      let(:test_case_with_attachment) { build(:report_test_case, :failed_with_attachment)}
+      let(:test_case_with_attachment) { build(:report_test_case, :failed_with_attachment) }
 
       before do
         test_suite.add_test_case(test_case_with_attachment)