Projects fail to load Standalone Vulnerabilities on Security Dashboards in PROD
Summary
A demo project was created in #202686 (closed) in order to test the Standalone Vulnerabilities MVC in Production. The project-level security dashboard for this webgoat demo project is currently failing to load the vulnerability list.
Originally this was thought to be a result of no CI/CD jobs configured (see related Slack conversation). That does not appear to be the case:
- the project-level exportable security report contains data, and
- the pipeline has been run successfully within the last week.
Additionally, this project of @stkerr's is not loading any data on the dashboard despite having results present in the vulnerability export report: https://gitlab.com/stkerr/custom-scanner/-/security/dashboard
Steps to reproduce
This issue was created specifically regarding the Defend Demo project webgoat.
- With the Webgoat project selected, navigate to Security & Compliance -> Vulnerability List
- Observe the error: "Error fetching the vulnerability list. Please check your network connection and try again."
This second example of a demo project not loading results on the Security Dashboard was added for additional information: https://gitlab.com/stkerr/custom-scanner/-/security/dashboard
Example Project
Demo project(s):
- https://gitlab.com/gitlab-org/defend/webgoat/-/security/vulnerabilities (ref. #202686 (closed))
- https://gitlab.com/stkerr/custom-scanner/-/security/dashboard
What is the current behavior?
Despite the fact that the Exportable Security Report contains scan results, no data is displayed to the user on the dashboard itself. A generic error message is displayed instead: Error fetching the vulnerability list. Please check your network connection and try again.
What is the desired behavior?
A list of vulnerabilities matching what is delivered in the Exportable Security Report should display in the dashboard. Alternatively, the failing scanner that is causing this demo project to throw errors should be addressed.