Add ability to hide findings from specific scanners in merge requests
Proposal
Some customers are only interested in their merge request authors and reviewers seeing specific findings from security scans, while still having the findings available in the vulnerability report. The proposal would be to add the ability to choose which scanners' findings are visible in merge requests.
This was reported by a large GitLab Ultimate customer. They would like SAST and secret detection results to show on merge requests, since their developers typically have the ability to do something about vulnerabilities found by these. By contrast, dependency scanning results are typically not under the control of the developers submitting and reviewing merge requests, so they'd rather those results only be visible in the vulnerability report.
This may also be of interest to those who are looking for #500716 to be implemented.