feat: Create Remote Scanning Sidebar

Description

Create new tree view in workflow extension to display remote security scan status and results.

Related Issues

Resolves #1534 (closed)

How has this been tested?

Testing with Local Scanner Service and GDK

  1. Follow this to set up SAST scanner service locally using GDK

  2. Check out the main branch of gitlab-lsp and run npm run watch -- --editor=vscode (ref: https://gitlab.com/gitlab-org/editor-extensions/gitlab-lsp#watch-mode)

  3. Check out this branch and add the following to the user settings.json (press Shift-Cmd-P, type "Preferences: Open User Settings (JSON)", then press Enter):

    "gitlab.securityScans.enabled": true,
    "gitlab.featureFlags.remoteSecurityScans": true

  4. Follow this from step 2 to run the VS Code extension locally and authenticate with your local GDK.

  5. In the Extension Host window:

    1. Add this file to the test project

      test.c

    2. Open the test file.

    3. Open workflow extension and expand Remote Scanning (SAST)

    4. Press Command+Shift+P (Mac) or Ctrl+Shift+P (Windows) to open the command palette and run Gitlab: Run Security Scan

    5. Confirm that the scan is shown as in progress and that items are populated when it completes

    6. Save the file to trigger a scan again and check if it works.

Testing through Staging (Unavailable until the authentication issue is resolved in staging)

  1. Check out this branch and run npm run watch -- --editor=vscode (ref: https://gitlab.com/gitlab-org/editor-extensions/gitlab-lsp#watch-mode)

  2. Check out jl/1534/create-custom-scan-response-notifier branch on gitlab-lsp

  3. Add the following to the user settings.json (press Shift-Cmd-P, type "Preferences: Open User Settings (JSON)", then press Enter):

    "gitlab.securityScans.enabled": true,
    "gitlab.featureFlags.remoteSecurityScans": true

  4. Run the VS Code extension locally, connected to the local language server

  5. In the Extension Host window:

    1. Authenticate to staging.gitlab.com and clone an existing test project

    2. Add this file to the test project

      test.c

    3. Open the test file.

    4. Open workflow extension and expand Remote Scanning (SAST)

    5. Press Command+Shift+P (Mac) or Ctrl+Shift+P (Windows) to open the command palette and run Gitlab: Run Security Scan

    6. Confirm that the scan is shown as in progress and that items are populated when it completes

    7. Save the file to trigger a scan again and check if it works.
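The two test procedures above check the same behaviour: the sidebar shows "scanning" while a remote scan runs, lists findings when it completes, and refreshes when the file is saved and rescanned. The following is an added, dependency-free TypeScript model of that sidebar state (it is not code from this MR, the gitlab-vscode-extension or gitlab-lsp). Every name in it (ScanSidebarModel, ScanState, buildScanTree, TreeNode, SAMPLE_FINDINGS) is constructed for the illustration, and the TreeNode interface stands in for a VS Code TreeItem so the block runs outside the editor. It also covers one edge case the "save to trigger a scan again" step can hit: a result for an earlier scan request arriving after a newer one was started, which is dropped by scan id instead of overwriting the current state.

```typescript
// Added example (hypothetical, not the project's code): a model of a remote
// scanning sidebar that maps scan state to tree nodes. No 'vscode' import so it
// runs stand-alone; TreeNode is a constructed stand-in for vscode.TreeItem.

export type Severity = 'Critical' | 'High' | 'Medium' | 'Low' | 'Info';

export interface ScanFinding {
  file: string;
  line: number;
  severity: Severity;
  title: string;
}

export type ScanState =
  | { kind: 'idle' }
  | { kind: 'scanning'; file: string }
  | { kind: 'completed'; file: string; findings: ScanFinding[] }
  | { kind: 'failed'; file: string; reason: string };

export interface TreeNode {
  label: string;
  children: TreeNode[];
}

// Most severe first, so the top of the sidebar is what a reviewer should look at first.
const SEVERITY_ORDER: Severity[] = ['Critical', 'High', 'Medium', 'Low', 'Info'];

// Pure function: given the current state, produce the nodes the tree view would render.
export function buildScanTree(state: ScanState): TreeNode[] {
  switch (state.kind) {
    case 'idle':
      return [{ label: 'No scan has run yet', children: [] }];
    case 'scanning':
      return [{ label: `Scanning ${state.file}...`, children: [] }];
    case 'failed':
      return [{ label: `Scan of ${state.file} failed: ${state.reason}`, children: [] }];
    case 'completed': {
      if (state.findings.length === 0) {
        return [{ label: `No findings in ${state.file}`, children: [] }];
      }
      // Group findings by severity; empty severity groups are omitted.
      return SEVERITY_ORDER.map((sev) => ({
        label: `${sev} (${state.findings.filter((f) => f.severity === sev).length})`,
        children: state.findings
          .filter((f) => f.severity === sev)
          .map((f) => ({ label: `${f.title} [${f.file}:${f.line}]`, children: [] })),
      })).filter((node) => node.children.length > 0);
    }
  }
}

// Holds the sidebar state and guards against out-of-order scan responses.
export class ScanSidebarModel {
  private state: ScanState = { kind: 'idle' };
  private currentScanId = 0;

  // Called when a scan is requested (command palette or file save); returns the request id.
  start(file: string): number {
    this.currentScanId += 1;
    this.state = { kind: 'scanning', file };
    return this.currentScanId;
  }

  // A response is applied only if it belongs to the most recent request; a late
  // result from a superseded scan (e.g. an earlier save) is ignored.
  complete(scanId: number, file: string, findings: ScanFinding[]): boolean {
    if (scanId !== this.currentScanId) return false;
    this.state = { kind: 'completed', file, findings };
    return true;
  }

  fail(scanId: number, file: string, reason: string): boolean {
    if (scanId !== this.currentScanId) return false;
    this.state = { kind: 'failed', file, reason };
    return true;
  }

  tree(): TreeNode[] {
    return buildScanTree(this.state);
  }
}

// Constructed sample findings for test.c (not real scanner output).
export const SAMPLE_FINDINGS: ScanFinding[] = [
  { file: 'test.c', line: 12, severity: 'High', title: 'Constructed sample: unbounded copy' },
  { file: 'test.c', line: 30, severity: 'Low', title: 'Constructed sample: unused variable' },
];

// Walk through the same sequence as the test plan: start, complete, save, rescan.
export function demo(): string[] {
  const model = new ScanSidebarModel();
  const first = model.start('test.c');
  model.complete(first, 'test.c', SAMPLE_FINDINGS);
  const rescan = model.start('test.c'); // file saved, scan triggered again
  model.complete(first, 'test.c', []); // stale duplicate of the first result: ignored
  model.complete(rescan, 'test.c', SAMPLE_FINDINGS);
  return model.tree().map((n) => n.label);
}
```

In a real TreeDataProvider the `tree()` call would sit behind `getChildren()` and `start`/`complete` would fire `onDidChangeTreeData`; the id check is the part worth keeping, since a notifier that pushes results asynchronously can deliver them after the user has already saved again.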

Screenshots (if appropriate)

SAST Sidebar walkthrough.mov

What CHANGELOG entry will this MR create?

  • fix: Bug fix fixes - a user-facing issue in production - included in changelog
  • feature: New feature - a user-facing change which adds functionality - included in changelog
  • BREAKING CHANGE: (fix or feature that would cause existing functionality to change) - should bump major version, mentioned in the changelog
  • None - other non-user-facing changes
Edited by Juhee Lee
