Display File Type in Security Scan Artifact Download Dropdown for Non-Ultimate Developers
What does this MR do and why?
For developers on non-ultimate tiers, display file types in the drop-down menu when downloading security scan artifacts from merge requests.
References
- Issue #420907 (closed)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
| Before | After |
|---|---|
| Before dropdown | After dropdown |
How to set up and validate locally
- Ensure You Are a Developer in the Non-Ultimate Tier
  Make sure you have developer access in a GitLab project under the non-Ultimate tier, as security scans are available based on your tier.
- Enable Security Scans in Your CI/CD Pipeline
  Confirm that security scans are configured in your CI/CD pipeline. You can either enable scans for your project by following the guide at GitLab Scans Documentation, or use an existing project with predefined security scan setups. For example, you can import a project using Import by URL and use the Security Reports Examples to test changes.
- Create a Merge Request to Trigger the Pipeline
  Push your changes to a branch and create a merge request (MR) targeting the main branch or another relevant branch. This will trigger the CI/CD pipeline, including the security scans.
- Verify that Security Scans Have Run
  After the MR is created, check the pipeline status in the Pipelines tab. Ensure that the security scan jobs (e.g., SAST, Dependency Scanning, etc.) have been executed successfully.
- Download the Security Scan Artifacts and Check File Type
  Once the pipeline completes, click the download button for the security scan artifacts. Confirm that the file type is correctly displayed in the drop-down menu.