Evidence summary no longer appears on the vulnerability finding
Summary
A recent bug #37027 (closed) was played to show the evidence summary when the user clicks on a vulnerability finding on the Security Dashboard.
The work for this bug was completed, released, and the issue was closed. Unfortunately, in the meantime, background work was taking place that changed how the page displays. When the feature flag for this work was turned on, it was discovered that the evidence summary did not appear on the new page.
Steps to reproduce
- Create a new project.
- Use the following configuration in the
.gitlab-ci.yml
file
stages:
- build
build:
stage: build
image: alpine:3.10.3
script:
- cp dast.json gl-dast-report.json
artifacts:
reports:
dast: gl-dast-report.json
- Create a file,
dast.json
, and copy the content from here into the file. - Commit and push the changes to the
master
branch of your project - Wait for the pipeline to finish
- Navigate to the project Security Dashboard
- Click on the
PII Scanner
vulnerability` - The page should show
Credit Card Type detected
with the credit card number, but it doesn't appear.
Screenshots
What it should look like
To get to this modal, click on CI/CD
-> Pipelines
-> specific pipeline -> Security
tab -> PII Scanner
entry:
How to get to the modal | The modal |
---|---|
![]() |
![]() |
What it actually looks like
![]() |
On the standalone vulnerability page:
What is the current bug behavior?
It doesn't show the evidence summary.
What is the expected correct behavior?
It should show the evidence summary.
Possible fixes
I think we need to add the field to this file.
(If you can, link to the line of code that might be responsible for the problem)