Design: Scanner job status widget on Project Security Dashboard
Release notes
TBD
Problem to solve
It is not easy to tell whether all of a given project's scanning jobs are running and configured properly. While the Project-level Vulnerability Report shows the latest pipeline run on the default branch, it doesn't provide information on when a particular scanner last ran successfully. Knowing this could alert you, for instance, that a scanner was turned off, because its last successful run would be out of sync with the rest of the scanners.
User experience goal
Give users an "at a glance" way to see which scanners are configured for a project, when they last successfully ran, and a quick way to jump to the relevant pipeline or configuration to investigate any unexpected results.
Proposal
The current thinking is that this information is best suited to a new Project-level Security Dashboard widget. This component does not need to be large. It needs to show the following information:
- All scanners that ever ran one or more jobs against the default branch
- Which of these scanners is currently configured to run (maybe with a link to the Configuration page for each scanner?)
- The last successful job completion date for each scanner, with a link to the job/pipeline
- (Maybe) The number of vulnerabilities detected from the last scan job. Alternatively, showing the last date a vulnerability was detected by the scanner could better indicate if there's a possible misconfiguration.
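As an added illustration (not part of the original proposal and not GitLab code), the following Python example derives the rows such a widget would show from constructed job records and flags scanners whose last successful run is out of sync with the latest pipeline. The field names are hypothetical, and it assumes that pipeline ids increase over time and that a scanner counts as configured when it has a job in the latest default-branch pipeline.

```python
from datetime import datetime

# Constructed sample: security scan jobs from default-branch pipelines.
# Field names are hypothetical and do not mirror GitLab's data model.
JOBS = [
    {"scanner": "sast", "pipeline": 101, "status": "success",
     "finished": "2021-03-01T10:05:00", "findings": 4},
    {"scanner": "dependency_scanning", "pipeline": 101, "status": "success",
     "finished": "2021-03-01T10:07:00", "findings": 2},
    {"scanner": "secret_detection", "pipeline": 101, "status": "success",
     "finished": "2021-03-01T10:03:00", "findings": 0},
    {"scanner": "sast", "pipeline": 102, "status": "success",
     "finished": "2021-03-08T09:15:00", "findings": 3},
    {"scanner": "dependency_scanning", "pipeline": 102, "status": "success",
     "finished": "2021-03-08T09:18:00", "findings": 1},
    {"scanner": "sast", "pipeline": 103, "status": "success",
     "finished": "2021-03-15T11:40:00", "findings": 3},
    {"scanner": "dependency_scanning", "pipeline": 103, "status": "failed",
     "finished": "2021-03-15T11:42:00", "findings": None},
]


def scanner_status(jobs):
    """Build one widget row per scanner that ever ran on the default branch."""
    # Assumption: pipeline ids increase over time, so the max is the latest run.
    latest = max(job["pipeline"] for job in jobs)
    rows = {}
    for job in sorted(jobs, key=lambda j: datetime.fromisoformat(j["finished"])):
        row = rows.setdefault(job["scanner"], {
            "configured": False, "last_success": None,
            "last_success_pipeline": None, "findings": None,
        })
        # Assumption: a job in the latest pipeline means the scanner is configured.
        if job["pipeline"] == latest:
            row["configured"] = True
        if job["status"] == "success":
            row["last_success"] = job["finished"]
            row["last_success_pipeline"] = job["pipeline"]
            row["findings"] = job["findings"]
    for row in rows.values():
        # Out of sync: no success yet, or last success predates the latest pipeline.
        row["out_of_sync"] = row["last_success_pipeline"] != latest
    return rows


if __name__ == "__main__":
    for name, row in scanner_status(JOBS).items():
        print(name, row)
```

In this sample, secret_detection shows up as no longer configured, while dependency_scanning is still configured but has not succeeded since the previous pipeline; both are cases the widget is meant to surface.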
Further details
See #292000 (comment 526764395) for more background context and a discussion of why this feature is not appropriate for the Group-level security scan status concept.