Re-evaluate report widget information architecture
Problem to Solve
The report widgets for security scans currently display a significant amount of information without any clear indication of what might need to be done:
Example merge request
Challenges
- The status of the widgets uses the same icon as the pipelines to indicate it's "Passed with warnings". However, in the example MR, there's actually something in this list which is causing a requirement for approval
- The widget contains a number of findings, but it's not clear what actually needs to be actioned (in some cases we're showing over 45+ "potential" vulnerabilities)
- The widget doesn't clearly indicate which policy is in violation so that more information about the policy could be gathered
Proposal
The report widgets should only identify information that actually needs to be resolved (enforced by policy) on the overview page. This keeps the information in the merge request actionable and succinct for users.
Potentially, we can adopt some version of the merge widget layout where failed items (those that need to be actioned) are expanded with a clear icon and other items are collapsed.
IF (and this is a big IF), there's a need to display ALL of the results of the scan on any given MR, we should move that information to a separate tab that contains the full report.
Edited by Kai Armstrong