
DAST artifact download on security tab page scanned URLs dropdown

Follow up tech debt issue for:

!67701 (merged)

Problem:

  • Artifact downloads via the GraphQL API provide the download as a .json report. For DAST it's an edge case since we want downloaded URLs. This seems to be a different type of artifact.

Notes:

  • Although it was mentioned in #333660 (closed), we need to confirm that Download Scanned URLs is still the same kind of assets exposed by the GraphQL API.

  • Artifact download exposes the GraphQL .json artifact as well as a zip archive of all assets produced in the job. We default to only showing the JSON artifact with the existing dropdowns; we'd need to support full .zip archives if we want other assets downloaded.

fragment JobArtifacts on Pipeline {
  jobs(securityReportTypes: $reportTypes) {
    nodes {
      name
      artifacts {
        nodes {
          downloadPath
          fileType
        }
      }
    }
  }
}

https://gitlab.com/gitlab-org/gitlab/uploads/66da57dadf80dcb798388c8186cde8bc/image.png

Updated Findings/Discussions with UX

We want to swap out the hyperlink with a button on the right-hand side to match the styling of the dropdowns. It does not need to be a dropdown.

The file path to the CSV is already available via GraphQL on:

SecurityReportSummarySection ee/app/graphql/types/security_report_summary_section_type.rb

Rough draft implementation plan

  • In ee/app/assets/javascripts/security_dashboard/components/pipeline/security_reports_summary.vue move the
          <template v-if="scanSummary.scannedResourcesCount !== undefined">
            <gl-button
              v-if="hasScannedResources(scanSummary)"
              v-gl-modal.dastUrl
              variant="link"
              data-testid="modal-button"
            >
              (<gl-sprintf
                :message="
                  n__('%d URL scanned', '%d URLs scanned', scanSummary.scannedResourcesCount)
                "
              />)
            </gl-button>

into the containing element for the right hand side column in the grid.

  • Change the variant to from 'link'

Proposed solution

|  | Required | Stretch |
| --- | --- | --- |
| Description | Move the download button of fuzz result to table and change copy | Besides required, add download result for SAST |
| Design screen | MR_reduced_version | MR_reduced_version-strech |
| Figma link | https://www.figma.com/file/xUrL2HFIvB2Nx8cSwFW7gV/DAST-MR-Pipeline-Improvement?node-id=70%3A40 | https://www.figma.com/file/xUrL2HFIvB2Nx8cSwFW7gV/DAST-MR-Pipeline-Improvement?node-id=220%3A0 |