Added token status verification to Pipeline Security Report

What does this MR do and why?

This MR enables token status verification in the Pipeline Security Report page by:

  • Exposing the validity_checks_enabled setting from the backend to the Pipeline Security frontend
  • Pushing the validity_checks_security_finding_status feature flag to the frontend via the Pipelines controller
  • Configuring the Pipeline Security Dashboard to provide the validityChecksEnabled value to child components
  • Ensuring the VulnerabilityList component can access this value through Vue's provide/inject pattern

These changes allow users to see token status (Active/Inactive/Possibly active) for detected secrets directly in the Pipeline Security Report, matching the functionality already available in the main Vulnerability Report page.

Changelog: changed
EE: true

References

[FE] UI for Pipeline > Security Report Page (#557280 - closed) • Radu Birsan • 18.4 • On track

How to set up and validate locally

  1. In the Rails console, enable the feature flag:
    Feature.enable(:validity_checks_security_finding_status)
  2. Visit a project that had a pipeline run with Secret Detection that found vulnerabilities
  3. Click on the pipeline and go to the Security tab
  4. Verify that the finding token status appears. It should default to Possibly Active secret until we hook up the backend

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Radu Birsan
