E2E test coverage revisited for Govern: Threat Insights
Creating this issue to revisit E2E test gaps for threat insights/vulnerability report. I am using this issue as a starting point: https://gitlab.com/gitlab-org/quality/team-tasks/-/issues/736
Below summarises the existing E2E test gaps. Any further test coverage for new and upcoming features won't be part of this issue:
Description | Test case/Comments | Priority |
---|---|---|
Check security scanning widget when MR is created and validate vulnerability counts | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348031 | |
Check vulnerability details in project vulnerability report | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348076 | |
Create issue from project vulnerability report | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347683 | |
Vulnerability management from security scanning widget in an MR - Dismiss a Finding | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348008 | |
Vulnerability management from security scanning widget in an MR - Create an issue | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348007 | |
Vulnerability management from security scanning widget in an MR - Auto remediation MR | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348009 | |
Validate filters in project vulnerability report | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348037 (This test may need to be updated with more tool filters) | |
Validate filters in pipeline security tab report | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348036 (This test may need to be updated with more tool filters) | |
Validate filters in group vulnerability report | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348038 (This test may need to be updated with more tool filters) | |
Check that vulnerability report displays false positives | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/350412 | |
Change status of vulnerabilities in vulnerability report | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/361048, https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/361405 | |
"Fix a vulnerability" workflow | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/362599 | |
Dismiss findings from pipeline security tab | gitlab-org/gitlab#364356 (closed) | |
Export vulnerability report | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/384370 | |
Make sure already dismissed vulnerability isn't shown in new security scan as new vulnerability -- issue link | This is an existing issue | |
Manually create a vulnerability using API and perform validations | Not an E2E test | |
Validate pagination in vulnerability report | Covered in frontend spec | |
Add an E2E test for security training integration | Does not add value as E2E spec | |
Add test for secret detection, API fuzzing and coverage fuzzing ingest | Does not add any value as an E2E test | |
Security approvals in merge request - Scan result policies | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/365005 | |
Create JIRA issue from vulnerability - Orchestrated test example | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/377406 | |
E2E test for Slack integration with vulnerability report | gitlab-org/gitlab#348467 (comment 975022050) | |
Create issue from pipeline security tab | https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/383756 | |
Summary
The End-to-End test gaps identified in this issue have been addressed and appropriate specs (per table above) have been added in here. Going forward, E2E coverage for threat insights will be improved in line with feature development and thus this issue can be closed.
Edited by Harsha Muralidhar