From 2a887a1cb1d3b64cfdf2c9fc75ba5e8e1181a95f Mon Sep 17 00:00:00 2001
From: Igor Frenkel <ifrenkel@gitlab.com>
Date: Mon, 28 Oct 2024 19:52:25 +0000
Subject: [PATCH] Exclude qa sbom fixtures from dependency scanning

There are fixtures under several qa directories with gl-sbom
artifacts. If not excluded, they will appear in the vulnerability
report.

Changelog: other
---
 .gitlab/ci/reports.gitlab-ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml
index fb2a83bb321db..7520a47a0bba5 100644
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -83,6 +83,9 @@ secret_detection:
       - gl-dependency-scanning-report.json  # GitLab-specific
     access: 'developer'
     expire_in: 1 week  # GitLab-specific
+  after_script:
+    # Remove sboms in test fixtures so that they are not ingested and scanned.
+    - find spec ee/spec qa -path '**/fixtures/**/gl-sbom*.cdx.json' -delete
 
 gemnasium-dependency_scanning:
   variables:
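Review bot: The added `find ... -delete` line relies on `after_script` running before the job's artifacts are collected, and it matches directories as well as files, so a directory whose name happens to fit the glob would make `-delete` fail (non-empty directories cannot be removed that way); restricting to files, `- find spec ee/spec qa -type f -path '**/fixtures/**/gl-sbom*.cdx.json' -delete`, avoids that. The `**` in a `find -path` pattern is plain fnmatch, where `*` already crosses `/`, so it is equivalent to `*` rather than a globstar; worth stating in the comment so nobody "fixes" it later. Adding an `after_script` here presumably overrides any `after_script` inherited from the included dependency-scanning template, which should be confirmed against the template this job extends. The job this `after_script` belongs to starts above the hunk, so the relationship to its `script` and `artifacts:reports` cannot be checked from here. I would extend the comment to read `# Remove sboms in test fixtures so that they are not ingested and scanned. Runs before artifacts are uploaded; '**' here is fnmatch '*' (matches '/'), not a globstar.`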
-- 
GitLab