Add Container Scanning reports at pipeline level

Problem to solve

We don't have a way to show the full security report for Container Scanning at pipeline level. This makes it hard for users to access this information.

Further details

We already have SAST and Dependency Scanning reports available at pipeline level. This one should follow the same pattern.

Proposal

Add the Container Scanning report at pipeline level, like the other existing ones, in a collapsible section under the Security report tab.

Design

The designs and notes below are from #5105 (closed).

Note:

  1. DAST will be the last element in the "list"
    1. SAST
    2. Dependency Scanning
    3. Container Scanning
    4. DAST
  2. DAST will not report "by analyzing the review app" text
  3. In CI View we will limit the height of each report to a scrollable 500px
  4. Complete vulnerabilities report anchor will have existing functionality similar to SAST and expand report inline; changes to this functionality are deferred to https://gitlab.com/gitlab-org/gitlab-ee/issues/5322
Edited by Fabio Busatto