Merge Request page says `Security scanning detected no vulnerabilities` but Security tab of pipeline shows otherwise
Summary
It is misleading to show `Security scanning detected no vulnerabilities.` in the Merge Request, but when the user clicks the `View full report` button that leads to the Security tab of the pipeline, it says there are vulnerabilities. Note: the vulnerabilities shown are the same as the ones in the dashboard.
We should fix the wording in the Merge Request, as the security scanning did detect vulnerabilities, so that it is consistent with the full report.
This issue was raised by an Ultimate customer via an internal ticket (all GitLab team members can view the tickets).
Proposal
Update the wording in the MR security widget. This will clarify that while there are no findings introduced by the associated feature branch, there may still be vulnerabilities inside the branch that existed in the branch's parent.
Changes
- Adding "new", changing `Security scanning detected no vulnerabilities.` to `Security scanning detected no new vulnerabilities.`
- Add an info popover with the text below. The tooltip will link to this page: https://docs.gitlab.com/ee/user/application_security/#ultimate Deferred to #361562 (closed)