Show multiple DAST scans' scanned resources in the MR widget
Problem to solve
In #11024, we have added a scanned URLs count as well as a
View details link to DAST security reports in the MR widget. This change assumes that there is only a single DAST scan in the pipeline. However, it is possible for a pipeline to perform multiple DAST scans (see #11024 (comment 303566982)). In that case, we would need to be able to show scanned URLs count and
View details links for every individual scan, along with a way to identify the CI job that ran the scan (see #11024 (comment 303893798)).
The current frontend implementation will only ever show the data for the fist DAST scan returned by the API, ignoring any other scans if any. We will need to extend that implementation to take other scans into account. It will require some UX tweaks to make sure that we are able to show all the data without degrading the user experience.
A possible solution would be to replace the scanned URLs count and
View details link with a popover that would contain the scans list with their respective counts and links.
Permissions and Security
Users with permissions to see DAST results are also allowed to see the list of scanned resources.
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?