Add/Update documentation to cover sbom-based security findings
Why are we doing this work
The addition of sbom-based security findings to both MR widget and security tab is considerable and requires updating the existing docs with proper clarifications.
Use security_findings for security MR widget re... (#390185 - closed; Rushik Subba; 17.9; On track) is going to change the backend to fetch security finding data from the DB instead of using the existing report fetching & parsing logic.
At the same time, Add support for security findings into pipeline... (#490334 - closed; Zamir Martins; 17.9; Needs attention) is going to enable the creation of security findings from CycloneDX reports.
The two together will allow sbom-related security findings to be displayed in both the pipeline security tab and the MR widget:
Pipeline security tab
MR widget
Note: Although the vision is to make this change available to both container scanning and dependency scanning, this epic is scoped only to dependency scanning.
Relevant links
Non-functional requirements
Documentation: -
Feature flag: -
Performance: -
Testing:

