Security reports API
Problem to solve
Security reports (https://docs.gitlab.com/ee/ci/yaml/#artifactsreports) are not accessible in the same way other artifacts are, and there is no API to fetch them.
This makes harder to automate flows.
A possible workaround is to set files as both regular artifacts and reports in the job definition, but this is suboptimal.
Users should be able to fetch reports easily.
Target audience
-
Devon, DevOps Engineer, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#devon-devops-engineer
-
Sam, Security Analyst, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#sam-security-analyst
Proposal
Create API calls to fetch reports, or improve the existing ones for artifacts so they can provide reports as well.
If possible, cover also other report types (like codequality
), but focus on security features first.
Permissions and Security
Same as artifacts.
Documentation
What does success look like, and how can we measure that?
Number of API calls to fetch reports.