Security dashboard wipes out results from manual jobs
Problem to solve
We are having an issue where the security tests that run on every commit (SAST, Dependency Scan) wipe out the results from our manually run security tests (DAST).
We run the DAST scan regularly, but because it is kicked off manually, it is not run on every commit on the default branch.
The security dashboard seems to be pointing at a pipeline version, so all of the DAST issues are getting cleared out of the security dashboard.
Steps to reproduce current behavior
- Start a new project with SAST (set up to run automatically) / DAST (set up to run manually) configured
- Run DAST
- Commit code to fix one of the DAST issues (SAST runs automatically, but don't kick off DAST yet)
- Notice that the security dashboard no longer shows the DAST issues
Intended users
Security Analyst
Further details
To see the issues from manually run jobs without them being wiped out when the next pipeline runs.
Proposal
Is there a way to make each scan look at the most recently run version of that scan, instead of finding the latest pipeline that ran successfully?
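The difference between the two selection rules, as an added example that is not part of the original issue and is not GitLab's code: a small model with constructed pipeline data, where the function names, scan keys, pipeline ids and finding ids are all assumptions made for illustration.

```python
# Constructed sample data: pipelines on the default branch, oldest first.
# Each pipeline lists only the scan jobs that actually ran in it.
PIPELINES = [
    {"id": 101, "status": "success", "scans": {
        "sast": {"status": "success", "findings": ["sast-1"]},
        "dependency_scanning": {"status": "success", "findings": ["dep-1"]},
        # the manual DAST job was started in this pipeline
        "dast": {"status": "success", "findings": ["dast-1", "dast-2"]},
    }},
    {"id": 102, "status": "success", "scans": {
        "sast": {"status": "success", "findings": ["sast-1"]},
        "dependency_scanning": {"status": "success", "findings": []},
        # manual DAST job not started here, so there is no DAST report
    }},
    {"id": 103, "status": "success", "scans": {
        "sast": {"status": "failed", "findings": []},  # scanner failed, no report
        "dependency_scanning": {"status": "success", "findings": []},
    }},
]


def findings_from_latest_pipeline(pipelines):
    """Reported behaviour: read every scan type from the latest successful pipeline."""
    for pipeline in reversed(pipelines):  # newest first
        if pipeline["status"] == "success":
            return {scan: job["findings"]
                    for scan, job in pipeline["scans"].items()
                    if job["status"] == "success"}
    return {}


def findings_from_latest_scan_run(pipelines):
    """Proposed behaviour: for each scan type, use its most recent successful run.

    The source pipeline id is kept so an analyst can see how old each result is.
    """
    result = {}
    for pipeline in reversed(pipelines):  # newest first
        for scan, job in pipeline["scans"].items():
            if job["status"] == "success" and scan not in result:
                result[scan] = {"pipeline": pipeline["id"],
                                "findings": job["findings"]}
    return result
```

With the second rule, a scan type that did not run (or failed) in the newest pipeline keeps its last known results instead of disappearing from the view.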