Revise security scanning docs to replace xyz report with xyz results
Problem to solve
The wording in the SAST documentation is somewhat confusing. https://docs.gitlab.com/ee/user/application_security/sast/index.html
Someone asked me about this. It says, "GitLab checks the SAST report, compares the found vulnerabilities between the source and target branches, and shows the information right on the merge request." It causes people to look for a specific "sast report" that is not part of the MR pipeline results. Would it be more accurate to say it checks the "sast results"?
@gonzoyumo says
This wording was probably fitting more in the old location of that doc (MR widget). Note that this wording is common to all security products, so we probably should update them all at once.
Further details
Proposal
When a pipeline is completed, the results of the SAST analysis are processed and shown in the Security tab of the pipeline view.
[Insert screenshot here?]
When the pipeline is associated with a merge request, the SAST analysis is also compared with the one from the target branch (if available) and the information is shown right on the merge request.
[MR widget screenshot]
When running from the default branch, the results of the SAST analysis will also populate the security dashboards.