Show multiple DAST scans' scanned resources in the MR widget
Problem to solve
In #11024 (closed), we have added a scanned URLs count as well as a View details link to DAST security reports in the MR widget. This change assumes that there is only a single DAST scan in the pipeline. However, it is possible for a pipeline to perform multiple DAST scans (see #11024 (comment 303566982)). In that case, we would need to be able to show scanned URLs count and View details links for every individual scan, along with a way to identify the CI job that ran the scan (see #11024 (comment 303893798)).
Intended users
Further details
The current frontend implementation will only ever show the data for the first DAST scan returned by the API, ignoring any other scans. We will need to extend that implementation to take other scans into account. It will require some UX tweaks to make sure that we are able to show all the data without degrading the user experience.
Proposal
A possible solution would be to replace the scanned URLs count and View details link with a popover that would contain the scans list with their respective counts and links.
Permissions and Security
Users with permissions to see DAST results are also allowed to see the list of scanned resources.
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
No.
Links / references
- Original issue: Show the list of resources scanned by DAST
- Initial frontend implementation: !26825 (merged)