Add Dependency Scanning feature and expose its artifacts in Merge Request. Refs #5105

ee/app/models/ee/ci/build.rb

@@ -8,6 +8,7 @@ module EE
       extend ActiveSupport::Concern
 
       CODEQUALITY_FILE = 'codeclimate.json'.freeze
+      DEPENDENCY_SCANNING_FILE = 'gl-dependency-scanning-report.json'.freeze
       SAST_FILE = 'gl-sast-report.json'.freeze
       PERFORMANCE_FILE = 'performance.json'.freeze
       SAST_CONTAINER_FILE = 'gl-sast-container-report.json'.freeze
@@ -19,6 +20,7 @@ module EE
         scope :codequality, -> { where(name: %w[codequality codeclimate]) }
         scope :performance, -> { where(name: %w[performance deploy]) }
         scope :sast, -> { where(name: 'sast') }
+        scope :dependency_scanning, -> { where(name: 'dependency-scanning') }
         scope :sast_container, -> { where(name: 'sast:container') }
         scope :dast, -> { where(name: 'dast') }
         scope :with_artifacts_stored_locally, -> { with_artifacts_archive.where(artifacts_file_store: [nil, LegacyArtifactUploader::Store::LOCAL]) }
@@ -55,6 +57,10 @@ module EE
         has_artifact?(SAST_FILE)
       end
 
+      def has_dependency_scanning_json?
+        has_artifact?(DEPENDENCY_SCANNING_FILE)
+      end
+
       def has_sast_container_json?
         has_artifact?(SAST_CONTAINER_FILE)
       end

ee/app/models/ee/ci/pipeline.rb

@@ -24,6 +24,10 @@ module EE
         artifacts.sast.find(&:has_sast_json?)
       end
 
+      def dependency_scanning_artifact
+        @dependency_scanning_artifact ||= artifacts.dependency_scanning.find(&:has_dependency_scanning_json?)
+      end
+
       def sast_container_artifact
         artifacts.sast_container.find(&:has_sast_container_json?)
       end
@@ -40,6 +44,10 @@ module EE
         sast_artifact&.success?
       end
 
+      def has_dependency_scanning_data?
+        dependency_scanning_artifact&.success?
+      end
+
       def has_sast_container_data?
         sast_container_artifact&.success?
       end
@@ -61,6 +69,11 @@ module EE
           has_sast_data?
       end
 
+      def expose_dependency_scanning_data?
+        project.feature_available?(:dependency_scanning) &&
+          has_dependency_scanning_data?
+      end
+
       def expose_sast_container_data?
         project.feature_available?(:sast_container) &&
           has_sast_container_data?

ee/app/models/ee/merge_request.rb

@@ -16,6 +16,8 @@ module EE
       delegate :performance_artifact, to: :base_pipeline, prefix: :base, allow_nil: true
       delegate :sast_artifact, to: :head_pipeline, prefix: :head, allow_nil: true
       delegate :sast_artifact, to: :base_pipeline, prefix: :base, allow_nil: true
+      delegate :dependency_scanning_artifact, to: :head_pipeline, prefix: :head, allow_nil: true
+      delegate :dependency_scanning_artifact, to: :base_pipeline, prefix: :base, allow_nil: true
       delegate :sast_container_artifact, to: :head_pipeline, prefix: :head, allow_nil: true
       delegate :sast_container_artifact, to: :base_pipeline, prefix: :base, allow_nil: true
       delegate :dast_artifact, to: :head_pipeline, prefix: :head, allow_nil: true
@@ -23,9 +25,11 @@ module EE
       delegate :sha, to: :head_pipeline, prefix: :head_pipeline, allow_nil: true
       delegate :sha, to: :base_pipeline, prefix: :base_pipeline, allow_nil: true
       delegate :has_sast_data?, to: :base_pipeline, prefix: :base, allow_nil: true
+      delegate :has_dependency_scanning_data?, to: :base_pipeline, prefix: :base, allow_nil: true
       delegate :has_sast_container_data?, to: :base_pipeline, prefix: :base, allow_nil: true
       delegate :has_dast_data?, to: :base_pipeline, prefix: :base, allow_nil: true
       delegate :expose_sast_data?, to: :head_pipeline, allow_nil: true
+      delegate :expose_dependency_scanning_data?, to: :head_pipeline, allow_nil: true
       delegate :expose_sast_container_data?, to: :head_pipeline, allow_nil: true
       delegate :expose_dast_data?, to: :head_pipeline, allow_nil: true
     end

ee/app/models/license.rb

@@ -59,6 +59,7 @@ class License < ActiveRecord::Base
   ].freeze
 
   EEU_FEATURES = EEP_FEATURES + %i[
+    dependency_scanning
     sast
     sast_container
     cluster_health

ee/app/serializers/ee/merge_request_widget_entity.rb

@@ -55,6 +55,20 @@ module EE
         end
       end
 
+      expose :dependency_scanning, if: -> (mr, _) { mr.expose_dependency_scanning_data? } do
+        expose :head_path, if: -> (mr, _) { can?(current_user, :read_build, mr.head_dependency_scanning_artifact) } do |merge_request|
+          raw_project_build_artifacts_url(merge_request.source_project,
+                                          merge_request.head_dependency_scanning_artifact,
+                                          path: Ci::Build::DEPENDENCY_SCANNING_FILE)
+        end
+
+        expose :base_path, if: -> (mr, _) { mr.base_has_dependency_scanning_data? && can?(current_user, :read_build, mr.base_dependency_scanning_artifact) } do |merge_request|
+          raw_project_build_artifacts_url(merge_request.target_project,
+                                          merge_request.base_dependency_scanning_artifact,
+                                          path: Ci::Build::DEPENDENCY_SCANNING_FILE)
+        end
+      end
+
       expose :sast_container, if: -> (mr, _) { mr.expose_sast_container_data? } do
         expose :head_path, if: -> (mr, _) { can?(current_user, :read_build, mr.head_sast_container_artifact) } do |merge_request|
           raw_project_build_artifacts_url(merge_request.source_project,

ee/spec/models/ci/build_spec.rb

@@ -137,15 +137,16 @@ describe Ci::Build do
     end
   end
 
-  ARTIFACTS_METHODS = {
+  BUILD_ARTIFACTS_METHODS = {
     has_codeclimate_json?: Ci::Build::CODEQUALITY_FILE,
     has_performance_json?: Ci::Build::PERFORMANCE_FILE,
     has_sast_json?: Ci::Build::SAST_FILE,
+    has_dependency_scanning_json?: Ci::Build::DEPENDENCY_SCANNING_FILE,
     has_sast_container_json?: Ci::Build::SAST_CONTAINER_FILE,
     has_dast_json?: Ci::Build::DAST_FILE
   }.freeze
 
-  ARTIFACTS_METHODS.each do |method, filename|
+  BUILD_ARTIFACTS_METHODS.each do |method, filename|
     describe "##{method}" do
       context 'valid build' do
         let!(:build) do

ee/spec/models/ci/pipeline_spec.rb

@@ -17,15 +17,16 @@ describe Ci::Pipeline do
     end
   end
 
-  ARTIFACTS_METHODS = {
+  PIPELINE_ARTIFACTS_METHODS = {
     codeclimate_artifact: [Ci::Build::CODEQUALITY_FILE, 'codequality'],
     performance_artifact: [Ci::Build::PERFORMANCE_FILE, 'performance'],
     sast_artifact: [Ci::Build::SAST_FILE, 'sast'],
+    dependency_scanning_artifact: [Ci::Build::DEPENDENCY_SCANNING_FILE, 'dependency-scanning'],
     sast_container_artifact: [Ci::Build::SAST_CONTAINER_FILE, 'sast:container'],
     dast_artifact: [Ci::Build::DAST_FILE, 'dast']
   }.freeze
 
-  ARTIFACTS_METHODS.each do |method, options|
+  PIPELINE_ARTIFACTS_METHODS.each do |method, options|
     describe method.to_s do
       context 'has corresponding job' do
         let!(:build) do

ee/spec/serializers/merge_request_widget_entity_spec.rb

@@ -47,6 +47,19 @@ describe MergeRequestWidgetEntity do
     expect(subject.as_json[:sast]).to include(:base_path)
   end
 
+  it 'has dependency_scanning data' do
+    build = create(:ci_build, name: 'dependency_scanning', pipeline: pipeline)
+
+    allow(merge_request).to receive(:expose_dependency_scanning_data?).and_return(true)
+    allow(merge_request).to receive(:base_has_dependency_scanning_data?).and_return(true)
+    allow(merge_request).to receive(:base_dependency_scanning_artifact).and_return(build)
+    allow(merge_request).to receive(:head_dependency_scanning_artifact).and_return(build)
+
+    expect(subject.as_json).to include(:dependency_scanning)
+    expect(subject.as_json[:dependency_scanning]).to include(:head_path)
+    expect(subject.as_json[:dependency_scanning]).to include(:base_path)
+  end
+
   it 'has sast_container data' do
     build = create(:ci_build, name: 'sast:image', pipeline: pipeline)