RUN AS-IF-FOSS - Add basic security merge request widget
What does this MR do?
Add basic security merge request widget for Core. It simply indicates whether security scans have run.
This is very much an MVC, and future iterations will change this dramatically.
Addresses #249543 (closed), part of &4388.
Screenshots
Testing locally
- Set up the GDK to run in
FOSS_ONLYmode (putexport FOSS_ONLY=1inenv.runit) - Run
gdk restart - Enable the
core_security_mr_widgetfeature flag - Create a project which runs SAST and/or Secret Detection
- Open an MR which contains a secret in the diff, or code that our SAST analysers cover (e.g., a do-nothing
.jsfile should do) - Let the pipeline run
- Refresh the page
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- [-] Documentation (if required)
-
Code review guidelines - [-] Merge request performance guidelines
-
Style guides - [-] Database guides
-
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Related to #249543 (closed)
Edited by -