Issue with GitLab Vulnerability Reporting
We finished the DAST scan in GitLab this morning and here is the screenshot. The problem we have is that we are currently migrating to the new NLP versions, and in the process we have been doing optimizations on our third-party dependency management, which generated the vulnerability report in the UI. What we see here is the current develop branch (not the release branch).
Below is the report as of when I ran it for the release (early this morning).
This does raise an issue though that we will have with the GitLab vulnerability reporting.
Currently our scans are set on the develop branch, not master, and one limitation of GitLab is that it does not track multiple branches or releases, only the default branch. For cloud solutions this is fine, but it lacks the historical view and can't see and track vulnerabilities for a prior release the way WhiteSource can.
So there will be scenarios where the Vulnerability Report shows the results of NEW development and not what is in production.
How should we handle that?