Security reports API

Problem to solve

Security reports (https://docs.gitlab.com/ee/ci/yaml/#artifactsreports) are not accessible in the same way other artifacts are, and there is no API to fetch them.

This makes harder to automate flows.

A possible workaround is to set files as both regular artifacts and reports in the job definition, but this is suboptimal.

Users should be able to fetch reports easily.

Target audience

• Devon, DevOps Engineer, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#devon-devops-engineer

• Sam, Security Analyst, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#sam-security-analyst

Proposal

Create API calls to fetch reports, or improve the existing ones for artifacts so they can provide reports as well.

If possible, cover also other report types (like codequality), but focus on security features first.

Permissions and Security

Same as artifacts.

Documentation

What does success look like, and how can we measure that?

Number of API calls to fetch reports.