Populate the security dashboard with the findings from the latest available report
Problem to solve
We populate the security dashboard with the findings from the latest pipeline. This is a problem in scenarios where a security job is not executed for every pipeline but only for selected pipelines.
For example, see our DAST configuration (full scan) for https://gitlab.com/gitlab-org/gitlab. Since a full scan can be a long-running job, we execute it in a scheduled pipeline and would like the results to show up in the Security Dashboard. Running a DAST full scan on every pipeline is not an option because it would take too long.
This might also be a problem for other long-running testing techniques like fuzzing.
Intended users
Proposal
If the latest pipeline did not run any security jobs, check if previous pipelines did. If yes, display these scan results in the security dashboard and use them as a basis to diff against MR security jobs.
What does success look like, and how can we measure that?
Scan results of security jobs executed in scheduled pipelines are displayed in the security dashboard.