Show Dependency Scanning results in the Group Security Dashboard
Problem to solve
The Group Security Dashboard currently shows only SAST results. This is a good starting point, but we need to add more sources of vulnerabilities and cover all the reports we have.
The next step is to add Dependency Scanning results to the dashboard.
This issue requires https://gitlab.com/gitlab-org/gitlab-ee/issues/6718 to be merged in a previous iteration.
These are the requirements:
- add Dependency Scanning to the list of sources (see https://gitlab.com/gitlab-org/gitlab-ee/issues/6240)
- the results will be shown in the list, with action items available, in a way as similar as possible to SAST
- the summary and metrics must consider both SAST and Dependency Scanning results
What does success look like, and how can we measure that?
Security teams will use the Group Security Dashboard to fix their Dependency Scanning vulnerabilities.