Ensure security features can be tested in GitLab review apps
Problem to solve
We have review apps for gitlab-ce and gitlab-ee, and this is awesome.
We want to use them to test security features like security dashboards and reports. This is not easy to achieve now because it requires CI/CD pipelines to run and create artifacts, which are then used as the source of data.
This makes review apps almost useless for this task.
If we can have data already in the review app, we can test features with no additional setup.
Proposal
Add fixtures to the gitlab-ee review app to fill the database tables that are used by the security dashboard and reports. We should also create artifacts to test compatibility with the old approach until it is eventually removed.
At the moment this includes:
- SAST reports in the DB
- SAST reports as artifacts
- Dependency Scanning reports as artifacts
- Container Scanning reports as artifacts
- DAST reports as artifacts
- License Management reports as artifacts
What does success look like, and how can we measure that?
Developers are able to test the security dashboard and reports using the gitlab-ee review app, with no additional effort.