
Mention project level dashboard in secure features

Olivier Gonzalez requested to merge mention-project-security-dashboard into master

This removes ambiguity about who's responsible for the project level dashboard. BTW the linked doc already contains the project level dashboard too.

The rationale to put this alongside the Group level dashboard is that it should share similar goals, behaviors and rely on the same code base and data.

This is not true today because the project level dashboard is currently just a copy/paste of the pipeline view for the last successful pipeline on master[1]. But this dashboard could be simply a narrower view of what is available at the group level, leveraging the same DB records and providing similar features and UI. This will be even more meaningful once we have first class vulnerabilities and triage list workflow.

In contrast, the Security Reports are showing "raw" findings from the pipeline execution which, in the case of a branch and MR, happens before they reach master[1] and become real vulnerabilities, effectively impacting your live project.

cc - @kencjohnston @NicoleSchwartz @dhavens @plafoucriere @twoodham @leipert


[1] I say master for simplicity but to be more accurate it is the default_branch of the project.
