Return SAST report errors in an `errors` array
What does this MR do and why?
Return SAST report errors in an errors array
When originally opened in February, the situation was such that:
- this endpoint returned a
200response if parsing failed - the response was empty when the parsing failed
Having picked this issue up to work on, I discovered that:
- the endpoint is now correctly returning an error response (
400) - the response body now has an error string in a
status_reasonfield
I synced up with front-end because, even with an error response, the widget is still showing a green dot indicating an "all-ok" security scanning situation
We decided that we should:
- moved that
status_reasonerror string into anerrors: []per the issue description - let front-end investigate why the existing error response is displaying as a passing response in the widget UI
Once we have the errors: [] interface in place between the front-end
and back-end, and the error rendering in the widget UI, we can further
iterate on the level of detail returned via the errors: [] array
related to: #390200 (closed)
Changelog: fixed
EE: true
Screenshots or screen recordings
no error scenario
| Before | After |
|---|---|
 |
 |
error scenario
| Before | After |
|---|---|
 |
 |
How to set up and validate locally
- clone this repo into an EE enabled group: https://gitlab.com/gitlab-org/govern/demos/sandbox/minac/static-reports/mr-widget-with-malformed-reports
- (optional) For testing, you can replace
with_reactive_cachetowithout_reactive_cachehere (docs on reactive caching) - follow the README to recreate the error scenarios
- you should see an
error: []array in the response with this change
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.