CI view for SAST
Description
SAST analysis was introduced in https://gitlab.com/gitlab-org/gitlab-ee/issues/3723. It produces a report, and part of that information is already surfaced in the MR widget (https://gitlab.com/gitlab-org/gitlab-ee/issues/3775).
Proposal
Create a dedicated CI (pipeline) view for the SAST results, so the full report can be inspected outside the MR widget.
Links / references
Documentation blurb
Overview
What is it? Why should someone use this feature? What is the underlying (business) problem? How do you use this feature?
Use cases
Who is this for? Provide one or more use cases.
Feature checklist
Make sure these are completed before closing the issue, with a link to the relevant commit.
- [ ] Feature assurance
- [ ] Documentation
- [ ] Added to features.yml
Proposal
As a first iteration, we will bring the SAST view from the MR widget to the Pipeline page. This view will appear under a new tab, Security report.
If any vulnerabilities have been detected, their count will be shown in the tab's badge.
A new row should be added to the pipeline widget, showing the result of the security report without having to open the tab.
The number of vulnerabilities detected will be a link to http://DOMAIN/PROJECT/pipelines/XXX/security, so clicking it opens the Security report tab.
Vulnerabilities detected | No vulnerabilities detected
---|---
(mockup: pipeline widget row and badge with the vulnerability count) | (mockup: pipeline widget row with no vulnerabilities)
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.