Security findings from pipelines with only cyclonedx artifacts are not displayed in the MR Widget.
Summary
With the implementation of #390185 (closed), the MR Widget replaced the report-based security findings with a DB-based approach.
However, some of the guard methods still rely on the artifact file types, which do not include cyclonedx, so a pipeline whose only security-relevant artifact is a cyclonedx SBOM is filtered out even though its findings exist in the DB.
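The mismatch described above, as an added illustration that is not GitLab's code: the artifact type lists, the `Pipeline` struct and both guard helpers are hypothetical, and the sample pipelines are constructed. The legacy guard still keys on the report file types, so a pipeline that carries only a cyclonedx artifact is rejected before its DB-backed findings count is ever consulted; the fixed guard adds cyclonedx to the accepted types and lets the DB count decide.

```ruby
require 'set'

# Hypothetical list of report file types the legacy widget guard accepts.
# Constructed for illustration; the real list lives in GitLab.
LEGACY_SECURITY_FILE_TYPES = Set.new(
  %w[sast dast dependency_scanning container_scanning secret_detection]
).freeze

# Same list extended with the SBOM artifact type whose components are
# matched against advisories and produce DB-backed findings.
SECURITY_FILE_TYPES_WITH_SBOM = (LEGACY_SECURITY_FILE_TYPES + %w[cyclonedx]).freeze

# Minimal stand-in for a pipeline: which artifact file types it uploaded and
# how many findings the DB holds for it (hypothetical shape).
Pipeline = Struct.new(:artifact_file_types, :db_finding_count, keyword_init: true)

# Legacy behaviour: the artifact-type guard runs first and never sees cyclonedx.
def legacy_guard_shows_findings?(pipeline)
  has_report = pipeline.artifact_file_types.any? { |t| LEGACY_SECURITY_FILE_TYPES.include?(t) }
  return false unless has_report

  pipeline.db_finding_count.positive?
end

# Fixed behaviour: cyclonedx passes the guard, so the DB count is authoritative.
def fixed_guard_shows_findings?(pipeline)
  has_report = pipeline.artifact_file_types.any? { |t| SECURITY_FILE_TYPES_WITH_SBOM.include?(t) }
  return false unless has_report

  pipeline.db_finding_count.positive?
end

# Constructed sample pipelines.
SBOM_ONLY_PIPELINE   = Pipeline.new(artifact_file_types: %w[cyclonedx], db_finding_count: 3)
SAST_PIPELINE        = Pipeline.new(artifact_file_types: %w[sast],      db_finding_count: 2)
SBOM_NO_FINDINGS     = Pipeline.new(artifact_file_types: %w[cyclonedx], db_finding_count: 0)
NO_SECURITY_ARTIFACT = Pipeline.new(artifact_file_types: %w[archive],   db_finding_count: 5)

if __FILE__ == $PROGRAM_NAME
  [SBOM_ONLY_PIPELINE, SAST_PIPELINE, SBOM_NO_FINDINGS, NO_SECURITY_ARTIFACT].each do |p|
    puts "#{p.artifact_file_types.join(',')} (#{p.db_finding_count} DB findings): " \
         "legacy=#{legacy_guard_shows_findings?(p)} fixed=#{fixed_guard_shows_findings?(p)}"
  end
end
```

The SBOM-only pipeline is the reproduction case from this issue: the legacy guard returns false for it despite three DB findings, while the fixed guard returns true. The other samples show that the fix does not change behaviour for existing report types, for an SBOM with no matched advisories, or for a pipeline with no security artifact at all.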
Steps to reproduce
Create an MR whose pipeline uploads only a cyclonedx file (containing components that will be matched against advisories). This merge request can be used as an example: https://gitlab.com/gitlab-learn-labs/ai-sandbox/sarah-matthies-demo-group/react-demo/-/merge_requests/5
Example Project
https://gitlab.com/gitlab-learn-labs/ai-sandbox/sarah-matthies-demo-group/react-demo
What is the current bug behavior?
No security findings are shown.
What is the expected correct behavior?
Security findings related to the cyclonedx artifact are expected to be shown in the MR Widget.
Possible fixes
A draft MR, Update MR Widget to consider cyclonedx artifacts (!186603, merged; Zamir Martins; milestone 17.11), has been created as an attempt to fix this.

