Expose secure scan data (JSON / artifacts) for core customers in an easy to find and download way

Problem to solve

As we move scans into core, what is the most efficient/useful way to tell the core user that the SAST job has completed and there is a result to view?

Intended users

Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/

Further details

We never want to frustrate or force users to hunt things down, and having to hunt around for the scan results could leave them frustrated.

Proposal

Have an area where any user of any level can see a list of scan results and have it rendered.

Assumption, feel free to ignore - I was thinking like a list and you click and then it comes up like https://jsonlint.com/

Permissions and Security

must have ability to see code (reporter+)

Documentation

yes update user docs

Testing

  • create a test for list of artifacts to render - for each permission level
  • create a test for an individual artifact to render - for each permission level

What does success look like, and how can we measure that?

Core users can find and see scan results within the UI

What is the type of buyer?

Core

Links / references

Edited by Camellia X Yang