Conversation
* stale field to isSummaryStale and add summaryStaleTag
…staleness field in ContainerImage and WorkloadVulnerabilitySummary
… and related queries
…ainerImage and WorkloadVulnerabilitySummary
…improved readability
…dAt in ContainerImage and WorkloadVulnerabilitySummary
…s to ContainerImage context
add descritions Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
fix: update description Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
use default sbom status Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
fix: description Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…ds to sbom for clarity
…include WorkloadSbomSummary for improved SBOM handling
…aders struct for improved context management
…erability summary structure
- Rename ContainerImageSbom→ContainerImageSBOM, SbomStatus→SBOMStatus across resolvers
- Remove hasSbom field from ContainerImageSBOM; derive SBOM availability from status == READY
- Remove WorkloadSbomSummary type; consumers use workload { image { sbom { ... } } } instead
- Add hasSBOM @deprecated on WorkloadVulnerabilitySummary pointing to workload.image.sbom.status
- Keep summary: ImageVulnerabilitySummary! non-null; resolver returns empty struct when nil
- Implement Status and ProcessingStartedAt resolvers on ContainerImageSBOM (were panicking)
- Suppress SBOM issue when status is PROCESSING or UNSPECIFIED, only fire on NO_SBOM/FAILED
- Update integration tests to use sbom { status } instead of hasSBOM
Contributor
Author
|
sry, var ikke klar over at review forsvant når man renamet branch, men det burde jeg ha tenkt på... |
thokra-nav
reviewed
Apr 28, 2026
* resolver to ContainerImageSBOM and tests
thokra-nav
reviewed
Apr 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new
sbomfield on theContainerImageGraphQL type, replacing the previoushasSBOMboolean field with a richer object containing SBOM pipeline status and processing information. The changes also update the GraphQL schema, resolvers, and integration tests to support and verify this new structure. Additionally, there are several dependency upgrades across the codebase.GraphQL API Improvements:
ContainerImageGraphQL type now exposes asbomfield (of typeContainerImageSBOM) instead of the oldhasSBOMboolean, providing detailed SBOM pipeline status and processing start time. The schema, resolvers, and complexity definitions are updated accordingly. (internal/graph/gengql/root_.generated.go,internal/graph/gengql/applications.generated.go,internal/graph/gengql/instancegroup.generated.go,internal/graph/gengql/jobs.generated.go) [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]hasSBOMfield onWorkloadVulnerabilitySummaryis now deprecated in favor of accessing SBOM status viaworkload { image { sbom { status } } }. (internal/graph/gengql/root_.generated.go)Testing Updates:
sbomfield, including itsstatusandprocessingStartedAtproperties, instead of the oldhasSBOMfield. A new test verifies that the SBOM sub-type is correctly returned for workload vulnerability summaries. (integration_tests/vulnerabilities.lua) [1] [2] [3]Dependency Upgrades:
go.mod, includingcloud.google.com/go/bigquery,github.com/nais/v13s/pkg/api,go.opentelemetry.io/oteland related OpenTelemetry packages, as well as various Google, Go, and third-party libraries. (go.mod) [1] [2] [3] [4] [5] [6] [7] [8]OpenTelemetry Version Update:
v1.40.0. (internal/cmd/api/http.go,internal/cmd/api/metrics.go) [1] [2]