Class: Gitlab::Ci::Parsers::Sbom::CyclonedxProperties

Inherits:
Object
Defined in:
lib/gitlab/ci/parsers/sbom/cyclonedx_properties.rb

Overview

Parses GitLab CycloneDX metadata properties which are defined by the taxonomy at docs.gitlab.com/ee/development/sec/cyclonedx_property_taxonomy.html

This parser knows how to process schema version 1 and will not attempt to parse later versions. Each source type has its own namespace in the property schema and is also given its own parser. Properties are filtered by namespace and then passed to each source parser for processing; properties outside the known prefixes, or with names that are not in the taxonomy, are ignored rather than passed through.

Constant Summary

SUPPORTED_SCHEMA_VERSION =
'1'
GITLAB_PREFIX =
'gitlab:'
AQUASECURITY_PREFIX =
'aquasecurity:'
SOURCE_PARSERS =
{
  'dependency_scanning' => ::Gitlab::Ci::Parsers::Sbom::Source::DependencyScanning,
  'dependency_scanning_component' => ::Gitlab::Ci::Parsers::Sbom::Source::DependencyScanningComponent,
  'container_scanning' => ::Gitlab::Ci::Parsers::Sbom::Source::ContainerScanning,
  'container_scanning_for_registry' => ::Gitlab::Ci::Parsers::Sbom::Source::ContainerScanningForRegistry,
  'trivy' => ::Gitlab::Ci::Parsers::Sbom::Source::Trivy
}.freeze
SUPPORTED_PROPERTIES =
%w[
  meta:schema_version
  dependency_scanning:category
  dependency_scanning:input_file:path
  dependency_scanning:source_file:path
  dependency_scanning:package_manager:name
  dependency_scanning:language:name
  dependency_scanning_component:reachability
  container_scanning:image:name
  container_scanning:image:tag
  container_scanning:operating_system:name
  container_scanning:operating_system:version
  container_scanning_for_registry:image:name
  container_scanning_for_registry:image:tag
  container_scanning_for_registry:operating_system:name
  container_scanning_for_registry:operating_system:version
  trivy:PkgID
  trivy:PkgType
  trivy:SrcName
  trivy:SrcVersion
  trivy:SrcRelease
  trivy:SrcEpoch
  trivy:Modularitylabel
  trivy:FilePath
  trivy:LayerDigest
  trivy:LayerDiffID
].freeze

Constructor Details

#initialize(properties) ⇒ CyclonedxProperties

Returns a new instance of CyclonedxProperties.

# File 'lib/gitlab/ci/parsers/sbom/cyclonedx_properties.rb', line 62

def initialize(properties)
  @properties = properties
end

Class Method Details

.parse_component_source(...) ⇒ Object

# File 'lib/gitlab/ci/parsers/sbom/cyclonedx_properties.rb', line 58

def self.parse_component_source(...)
  new(...).parse_component_source
end

.parse_source(...) ⇒ Object

# File 'lib/gitlab/ci/parsers/sbom/cyclonedx_properties.rb', line 54

def self.parse_source(...)
  new(...).parse_source
end

Instance Method Details

#parse_component_source ⇒ Object

# File 'lib/gitlab/ci/parsers/sbom/cyclonedx_properties.rb', line 73

def parse_component_source
  return unless properties.present?

  source
end

#parse_source ⇒ Object

# File 'lib/gitlab/ci/parsers/sbom/cyclonedx_properties.rb', line 66

def parse_source
  return unless properties.present?
  return unless supported_schema_version?

  source
end
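The following is an added example, not the GitLab implementation: the private helpers (source, supported_schema_version?) are not shown on this page, so this is a self-contained stand-in for the behaviour the Overview describes and the two public methods above expose. It strips the gitlab: / aquasecurity: prefix, drops any property whose unprefixed name is not in a (trimmed) SUPPORTED_PROPERTIES list, groups what is left by source namespace, and refuses to parse document-level metadata whose meta:schema_version is not "1". As on the page, parse_component_source applies no version gate, because component-level properties carry no schema_version. The "first namespace with data wins" rule, the result shape ({ source_type:, data: }) and the sample properties are assumptions constructed for the example.

```ruby
# Added example (not GitLab's code): stand-in for the namespace filtering and
# schema-version gate described in the Overview. Result shape is assumed.

SUPPORTED_SCHEMA_VERSION = '1'
PREFIXES = ['gitlab:', 'aquasecurity:'].freeze

# Trimmed subset of the taxonomy; unknown names are dropped, never passed on.
SUPPORTED_PROPERTIES = %w[
  meta:schema_version
  dependency_scanning:category
  dependency_scanning:input_file:path
  dependency_scanning:package_manager:name
  dependency_scanning:language:name
  dependency_scanning_component:reachability
  container_scanning:image:name
  container_scanning:image:tag
  trivy:PkgID
  trivy:PkgType
].freeze

# Assumed order in which source namespaces are tried (mirrors SOURCE_PARSERS keys).
SOURCE_NAMESPACES = %w[dependency_scanning dependency_scanning_component
                       container_scanning container_scanning_for_registry trivy].freeze

# Keep only properties under a known vendor prefix whose unprefixed name is in
# the taxonomy. Returns [[name_without_prefix, value], ...].
def filter_properties(properties)
  properties.filter_map do |prop|
    name = prop['name'].to_s
    prefix = PREFIXES.find { |p| name.start_with?(p) }
    next unless prefix
    unprefixed = name.delete_prefix(prefix)
    next unless SUPPORTED_PROPERTIES.include?(unprefixed)
    [unprefixed, prop['value']]
  end
end

# Turn "ns:a:b" => v into { "ns" => { "a" => { "b" => v } } }.
def group_by_namespace(filtered)
  filtered.each_with_object({}) do |(name, value), acc|
    namespace, *path = name.split(':')
    next if path.empty?
    node = acc[namespace] ||= {}
    path[0..-2].each { |seg| node = node[seg] ||= {} }
    node[path.last] = value
  end
end

def supported_schema_version?(grouped)
  grouped.dig('meta', 'schema_version') == SUPPORTED_SCHEMA_VERSION
end

# First namespace with data wins; nil when no source data is present (assumed).
def build_source(grouped)
  ns = SOURCE_NAMESPACES.find { |n| grouped[n] && !grouped[n].empty? }
  ns && { source_type: ns, data: grouped[ns] }
end

# Document-level metadata: refuse anything but schema version 1.
def parse_source(properties)
  return if properties.nil? || properties.empty?
  grouped = group_by_namespace(filter_properties(properties))
  return unless supported_schema_version?(grouped)
  build_source(grouped)
end

# Component-level properties: no schema_version here, so no version gate.
def parse_component_source(properties)
  return if properties.nil? || properties.empty?
  build_source(group_by_namespace(filter_properties(properties)))
end

# Constructed sample input shaped like CycloneDX "properties" entries.
SAMPLE_METADATA = [
  { 'name' => 'gitlab:meta:schema_version', 'value' => '1' },
  { 'name' => 'gitlab:dependency_scanning:category', 'value' => 'development' },
  { 'name' => 'gitlab:dependency_scanning:input_file:path', 'value' => 'package-lock.json' },
  { 'name' => 'gitlab:dependency_scanning:package_manager:name', 'value' => 'npm' },
  { 'name' => 'gitlab:not_in_taxonomy:thing', 'value' => 'dropped' }, # unknown name
  { 'name' => 'acme:dependency_scanning:category', 'value' => 'dropped' } # unknown prefix
].freeze

SAMPLE_TRIVY = [
  { 'name' => 'gitlab:meta:schema_version', 'value' => '1' },
  { 'name' => 'aquasecurity:trivy:PkgID', 'value' => 'openssl@3.0.2-0ubuntu1.10' },
  { 'name' => 'aquasecurity:trivy:PkgType', 'value' => 'ubuntu' }
].freeze

SAMPLE_COMPONENT = [
  { 'name' => 'gitlab:dependency_scanning_component:reachability', 'value' => 'in_use' }
].freeze
```

Calling parse_source(SAMPLE_METADATA) yields the dependency_scanning source with the two unknown entries silently discarded; changing the sample's schema_version to "2" makes parse_source return nil while parse_component_source on the same input still succeeds, which is the asymmetry between the two methods on this page.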