The group vulnerability chart shows a wrong vulnerability count

Cause

Data is based off the last run, and a lack of data is taken as a 0.

Workaround

Scheduled pipeline on the default branch, on a daily basis, for every project in the group.

Research into better data and solutions

  • First Class Vulnerabilities &634 (closed)
  • Reports as first class entities https://gitlab.com/gitlab-org/gitlab-ee/issues/10250
  • Show when security tests are not run https://gitlab.com/gitlab-org/gitlab-ee/issues/7521 & related Schedule execution of security tests to keep results up to date https://gitlab.com/gitlab-org/gitlab-ee/issues/7231
  • Include security dashboard results as part of Auto DevOps QA https://gitlab.com/gitlab-org/gitlab-ee/issues/8706
  • Clarity of display 0 versus null gitlab-design#462 (closed)

Summary

The vulnerability chart seems to use the vulnerability count of the last SAST job run, not the current sum of defects.

Version

11.6.0-ee (4c09765)

Edited Jun 20, 2019 by Nicole Schwartz
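
The effect described under Cause, as an added illustration (not GitLab's code): a group chart that sums per-day results and treats "no run that day" as 0, next to one that carries each project's last known count forward and reports null when nothing has ever been scanned. Project names, dates and counts are constructed, and all function names are hypothetical.

```python
from datetime import date, timedelta

# Constructed sample: vulnerability count reported by each project's security
# job, keyed by the day its pipeline ran. Days without a run are absent.
RUNS = {
    "project-a": {date(2019, 1, 14): 5, date(2019, 1, 16): 4},
    "project-b": {date(2019, 1, 14): 3},
    "project-c": {date(2019, 1, 15): 7, date(2019, 1, 16): 7},
}


def days(start, end):
    """Yield every calendar day from start to end, inclusive."""
    d = start
    while d <= end:
        yield d
        d += timedelta(days=1)


def chart_missing_as_zero(runs, start, end):
    """Reported behaviour: a project with no run on a day contributes 0."""
    return {d: sum(p.get(d, 0) for p in runs.values()) for d in days(start, end)}


def chart_carry_forward(runs, start, end):
    """Assumed alternative: reuse each project's most recent result.

    A day on which no project has ever been scanned is None (null), not 0.
    """
    last, chart = {}, {}
    for d in days(start, end):
        for name, per_day in runs.items():
            if d in per_day:
                last[name] = per_day[d]
        chart[d] = sum(last.values()) if last else None
    return chart


def projects_without_run(runs, day):
    """Projects whose count for this day is a gap rather than a real result."""
    return sorted(name for name, per_day in runs.items() if day not in per_day)


if __name__ == "__main__":
    start, end = date(2019, 1, 13), date(2019, 1, 16)
    zero = chart_missing_as_zero(RUNS, start, end)
    carried = chart_carry_forward(RUNS, start, end)
    for d in days(start, end):
        print(d, "missing-as-0:", zero[d], "carry-forward:", carried[d],
              "no run:", projects_without_run(RUNS, d))
```

With a daily scheduled pipeline for every project, as in the workaround, no day has a gap and the first chart stops under-reporting.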