
Add generic report type

Savas Vedova requested to merge 353176-fix-vuln-not-showing into master

What does this MR do and why?

Adds the Generic report type so that manually created vulnerabilities are visible in the report.

Screenshots or screen recordings

(screenshots: project level; security center level)

Here's a gif of the whole flow:

(gif: vulnerability)

How to set up and validate locally

You should have the runner installed in order to run the pipeline. Then you can register the runner with the following command; it guides you pretty well on how to set up the runner:

$ gitlab-runner register

Once it's installed, this is how I run the runner:

$ gitlab-runner --log-level debug run local-runner --config ~/.gitlab-runner/config.toml restart

Once you have the runner running, do the following to generate vulnerabilities (skip to item 4 if you already have vulnerabilities):

  1. Clone https://gitlab.com/gitlab-examples/security/security-reports/
  2. Run the pipeline by going into Your project > CI/CD > Pipelines
  3. Click on "Run pipeline" for the master branch
  4. Go to Security & Compliance > Vulnerability Report
  5. You'll need to have the :new_vulnerability_form feature flag turned on
  6. Click on +Submit Vulnerability
  7. Fill in the form and submit it
  8. Come back to the Vulnerability Report.
  9. The manually created vulnerability should appear in your report. Without these changes it won't show up.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #353176 (closed)

Edited by Savas Vedova
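As an added example (not code from this MR or from GitLab), the script below shows how a reviewer can validate the described behaviour via the API instead of the UI: it builds a GraphQL vulnerabilities query restricted by report type, parses the response, and checks whether a manually submitted (Generic) finding would be dropped by a report-type filter that lacks GENERIC. The GraphQL field names (`project`, `vulnerabilities(reportType:)`, `nodes`) and the enum values are assumptions based on GitLab's public GraphQL API; the sample response is constructed, not captured from a real instance.

```python
import json
import urllib.request

# Report types a security scanner can produce (assumption: values of the
# GitLab GraphQL VulnerabilityReportType enum, minus GENERIC).
SCANNER_REPORT_TYPES = [
    "SAST", "DAST", "DEPENDENCY_SCANNING", "CONTAINER_SCANNING",
    "SECRET_DETECTION", "COVERAGE_FUZZING", "API_FUZZING",
]
# Manually submitted vulnerabilities carry this report type (assumption).
GENERIC_REPORT_TYPE = "GENERIC"


def build_query(project_path, report_types):
    """Build the GraphQL document that lists a project's vulnerabilities
    restricted to the given report types (assumed field names)."""
    types_literal = "[" + ", ".join(report_types) + "]"
    return (
        "query {\n"
        f'  project(fullPath: "{project_path}") {{\n'
        f"    vulnerabilities(reportType: {types_literal}) {{\n"
        "      nodes { id title reportType state }\n"
        "    }\n"
        "  }\n"
        "}"
    )


def parse_vulnerabilities(response):
    """Extract the vulnerability nodes from a GraphQL response dict;
    tolerate a missing project (no access) or an empty result."""
    project = response.get("data", {}).get("project") or {}
    return (project.get("vulnerabilities") or {}).get("nodes", [])


def visible_in_report(vulns, allowed_report_types):
    """Mimic a client-side report-type filter: any finding whose
    reportType is not in the allowed list is dropped from the view."""
    return [v for v in vulns if v["reportType"] in allowed_report_types]


def generic_vulnerabilities_hidden(vulns, allowed_report_types):
    """True if a GENERIC finding exists but the filter would hide it."""
    shown = visible_in_report(vulns, allowed_report_types)
    in_all = any(v["reportType"] == GENERIC_REPORT_TYPE for v in vulns)
    in_shown = any(v["reportType"] == GENERIC_REPORT_TYPE for v in shown)
    return in_all and not in_shown


def fetch_vulnerabilities(gitlab_url, token, project_path, report_types):
    """Run the query against a live instance (needs network and a token
    with read access to the project). Not exercised offline."""
    body = json.dumps({"query": build_query(project_path, report_types)}).encode()
    req = urllib.request.Request(
        f"{gitlab_url.rstrip('/')}/api/graphql",
        data=body,
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return parse_vulnerabilities(json.load(resp))


# Constructed sample response (not real data): one SAST finding from the
# pipeline and one manually submitted finding.
SAMPLE_RESPONSE = {
    "data": {"project": {"vulnerabilities": {"nodes": [
        {"id": "gid://gitlab/Vulnerability/1", "title": "Hard-coded credential",
         "reportType": "SAST", "state": "DETECTED"},
        {"id": "gid://gitlab/Vulnerability/2", "title": "Manually reported issue",
         "reportType": "GENERIC", "state": "DETECTED"},
    ]}}}
}

if __name__ == "__main__":
    vulns = parse_vulnerabilities(SAMPLE_RESPONSE)
    before = visible_in_report(vulns, SCANNER_REPORT_TYPES)
    after = visible_in_report(vulns, SCANNER_REPORT_TYPES + [GENERIC_REPORT_TYPE])
    print("without GENERIC:", [v["title"] for v in before])
    print("with GENERIC:   ", [v["title"] for v in after])
```

With only the scanner report types in the filter, the manually reported finding is dropped; adding GENERIC to the list makes it visible, which is the condition the manual validation steps above check through the UI.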
