Show Container Scanning results in the Group Security Dashboard
Problem to solve
The Group Security Dashboard currently shows a subset of results. This is a good starting point, but we need to add more sources of vulnerabilities and cover all the reports we have.
This issue is about adding Container Scanning results to the dashboard.
Further details
This issue requires https://gitlab.com/gitlab-org/gitlab-ee/issues/7061 to be merged in a previous iteration.
Proposal
These are the requirements:
- Add Container Scanning into the Report Types dropdown with SAST and Dependency Scanning
- the results will be shown in the list, with action items available, in a way as similar as possible to SAST
- the summary and metrics must consider Container Scanning results
Implementation
- Add Container Scanning to the authorized list of report types displayed in the group dashboard (rel https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9626)
- Enable the parse_container_scanning_reports feature flag
What does success look like, and how can we measure that?
Security teams will use the Group Security Dashboard to fix their Container Scanning vulnerabilities.