MR Widgets (Security and License Compliance) not showing consistently on projects

Summary

When customers enable security scanning or license scanning on a project, they expect every MR to display the relevant widgets. What appears to happen today is that whether the widgets display depends on each project's pipeline configuration and on whether the latest completed pipelines include the relevant scanner.

It appears that the widgets do not yet consider multiple pipeline sources, so they are not consistently displaying on all MRs.

Example MR

Screenshots (images not preserved): "Overview lacking MR widgets" and "Pipeline view".

  1. For this project, both Branch and MR pipelines are running.
  2. In the pipeline view, you can see that the latest Branch pipeline has two jobs (containing security and license scanning). The latest MR pipeline, however, does not. If the project used only branch pipelines, the widget would display properly.
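
The condition in the two points above, as an added example (not GitLab's code, and not the widget's actual selection logic): a check over constructed pipeline records that flags a project whose latest MR pipeline carries no scan jobs while its latest branch pipeline does. The record shape and job names are assumptions of this example; `push` and `merge_request_event` are the pipeline sources for branch and MR pipelines.

```python
# Assumed scan job names; adjust to the jobs your CI configuration defines.
SCAN_JOBS = {"dependency_scanning", "license_scanning"}

# Constructed sample data (not taken from the example project).
PROJECT_BRANCH_ONLY = [
    {"id": 101, "source": "push",
     "jobs": ["build", "dependency_scanning", "license_scanning"]},
    {"id": 100, "source": "push", "jobs": ["build"]},
]
PROJECT_BRANCH_AND_MR = [
    {"id": 201, "source": "push",
     "jobs": ["build", "dependency_scanning", "license_scanning"]},
    {"id": 202, "source": "merge_request_event", "jobs": ["build", "test"]},
]


def latest_by_source(pipelines):
    """Return the newest pipeline (highest id) for each pipeline source."""
    latest = {}
    for p in sorted(pipelines, key=lambda p: p["id"], reverse=True):
        latest.setdefault(p["source"], p)
    return latest


def scan_coverage(pipelines):
    """Map each source to the scan jobs present in its latest pipeline."""
    return {
        src: sorted(SCAN_JOBS & set(p["jobs"]))
        for src, p in latest_by_source(pipelines).items()
    }


def widget_gap(pipelines):
    """True when MR pipelines exist, the latest one has no scan jobs,
    and the latest branch pipeline does have them."""
    cov = scan_coverage(pipelines)
    mr = cov.get("merge_request_event")
    branch = cov.get("push")
    return mr is not None and not mr and bool(branch)


if __name__ == "__main__":
    for name, data in [("branch only", PROJECT_BRANCH_ONLY),
                       ("branch + MR", PROJECT_BRANCH_AND_MR)]:
        print(name, scan_coverage(data), "gap:", widget_gap(data))
```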

Steps to reproduce

  1. Create two projects: one with only branch pipelines, one with branch and MR pipelines
  2. Run dependency scanner in branch pipelines
  3. Observe that the widgets display inconsistently

Example Project

gitlab-org/govern/demos/sandbox/alan/gisolf-verification/slow-mr!3 (closed)

What is the current bug behavior?

MR widget does not display consistently.

What is the expected correct behavior?

MR widget should display consistently.

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info


(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check


(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:check SANITIZE=true`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`) (we will only investigate if the tests are passing)

Possible fixes

Edited by Grant Hickman