Merge branch 'ogonzalez-resolve-vulnerabilities-01ea0401' into 'master'

Return ids of created vulnerabilities with SBOM scanning See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179115 Merged-by: Kassio Borges <kborges@gitlab.com> Approved-by: Orin Naaman <onaaman@gitlab.com> Approved-by: Kassio Borges <kborges@gitlab.com> Co-authored-by: Olivier Gonzalez <ogonzalez@gitlab.com>

Merge branch 'ogonzalez-resolve-vulnerabilities-01ea0401' into 'master'
1cd35af9 · Kassio Borges · GitLab · f8a8f7ea · e279a1f8 · 1cd35af9
--- a/ee/lib/gitlab/vulnerability_scanning/advisory_utils.rb
+++ b/ee/lib/gitlab/vulnerability_scanning/advisory_utils.rb
@@ -55,6 +55,8 @@ def create_vulnerabilities(findings)
        else
          log_error(response.payload[:error], project_ids_with_upsert: project_ids_with_upsert)
        end
+        response.payload[:vulnerability_ids] || []
      end
      def log_success(project_ids_with_upsert:)

--- a/ee/spec/lib/gitlab/vulnerability_scanning/advisory_utils_spec.rb
+++ b/ee/spec/lib/gitlab/vulnerability_scanning/advisory_utils_spec.rb
@@ -152,14 +152,19 @@
    let(:finding_map) { create(:vs_finding_map, pipeline: pipeline) }
-    it 'creates new vulnerabilities' do
+    it 'creates new vulnerabilities and returns their id' do
      expect(Gitlab::AppJsonLogger).to receive(:debug)
        .with(
          message: "Successfully created vulnerabilities on advisory ingestion",
          project_ids_with_upsert: [pipeline.project.id])
        .once
-      expect { create_vulnerabilities }.to change { Vulnerability.count }.by(1)
+      expect do
+        created_ids = create_vulnerabilities
+        expect(created_ids).to be_an(Array)
+          .and all(be_a(Integer))
+          .and be_present
+      end.to change { Vulnerability.count }.by(1)
    end
    context 'when exception is raised' do
@@ -175,7 +180,10 @@
           project_ids_with_upsert: [])
         .once
-        expect { create_vulnerabilities }.not_to change { Vulnerability.count }
+        expect do
+          created_ids = create_vulnerabilities
+          expect(created_ids).to eq([])
+        end.not_to change { Vulnerability.count }
      end
    end
  end