
Generic Security Reports: Link to correct commits when GitLab instance is running under a relative URL

What does this MR do?

It fixes an issue that happens on the pipeline security tab. When running a GitLab instance under a relative URL, it would not link generic report items of type commit correctly (missing the instance's relative URL bit).

Screenshots (strongly suggested)

Screen_Shot_2021-06-21_at_4.10.40_pm

How to test this locally

  1. Follow these instructions to run a local instance with a relative URL: https://docs.gitlab.com/ee/install/relative_url.html#enable-relative-url-in-gitlab
  2. Create a new project
  3. Add a .gitlab-ci.yml file with the following contents:

     stages:
         - dast

     dast:
       stage: dast
       image: alpine:3.10.2
       script:
         - pwd
       artifacts:
         reports:
           dast: dast.json

  4. Add a new file dast.json with the contents from: $2136483
  5. Run a pipeline
  6. Go to the pipeline's result and click the "security" tab

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #334128 (closed)

Edited by David Pisek
