Rename `Scanner` in Vulnerability Report and Vulnerability Details to `Tool`
Summary
We currently miscategorize "Scan Type" as "Scanner" on the vulnerability report, both in the table and in the filters. The "Scan Type" should be our categories, such as `sast` or `dependency scanning`, whereas the "Scanner" refers to the underlying tool reporting the findings, i.e. `gosec` or `gemnasium`. This can be confusing and is incongruent with the vulnerability details page, where we list the scanner correctly (see screenshot below).
See the Secure Glossary MR for more on the distinction: gitlab-com/www-gitlab-com!49901
Additionally, there will be future sources of vulnerability data that do not come from a scanner or pipeline job. For example, we will soon have the ability to add vulnerability objects by creating them manually or directly via the API. This adds further weight to "Scanner" being an inappropriate name for the vulnerability source. To be clearer and more inclusive, we will instead rename this column to "Tool".
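The distinction above, as an added example that is not GitLab's code: it keeps a finding's scan type (the report category, e.g. `sast`) separate from the tool that produced it (e.g. `gosec`), builds report rows with the two columns kept apart, and shows why a column named "Scanner" fits neither a category that several tools feed nor an entry with no scanner at all. The sample reports are constructed; the assumption is that they follow the shape of GitLab's security report JSON, where the top-level `scan` object carries `type` and `scanner`. The `MANUAL_ENTRIES` shape and the "Manually added" label are assumptions, not GitLab's wording.

```python
"""Added example (not GitLab's code): separates Scan Type from Tool for
vulnerability report rows, the distinction drawn in the issue above."""

from collections import defaultdict

# Constructed sample reports. Assumption: they follow the shape of GitLab's
# security report JSON, where `scan.type` is the category and `scan.scanner`
# is the tool that ran, and `vulnerabilities` lists the findings it produced.
SAMPLE_REPORTS = [
    {"scan": {"type": "sast",
              "scanner": {"id": "gosec", "name": "Gosec"}},
     "vulnerabilities": [{"id": "v-1"}, {"id": "v-2"}]},
    {"scan": {"type": "sast",
              "scanner": {"id": "semgrep", "name": "Semgrep"}},
     "vulnerabilities": [{"id": "v-3"}]},
    {"scan": {"type": "dependency_scanning",
              "scanner": {"id": "gemnasium", "name": "Gemnasium"}},
     "vulnerabilities": [{"id": "v-4"}]},
]

# Hypothetical entries created by hand or via the API (constructed shape):
# they have a category but no pipeline scanner, which is why "Scanner" is
# the wrong name for the column.
MANUAL_ENTRIES = [{"id": "v-5", "scan_type": "sast"}]

MANUAL_TOOL_LABEL = "Manually added"  # assumed wording, not GitLab's


def rows_from_report(report):
    """One report row per vulnerability; Scan Type and Tool stay separate."""
    scan = report["scan"]
    scanner = scan.get("scanner") or {}
    tool = scanner.get("name") or scanner.get("id") or "Unknown"
    return [{"id": v["id"], "Scan Type": scan["type"], "Tool": tool}
            for v in report["vulnerabilities"]]


def rows_from_manual(entries):
    """Rows for findings that no scanner produced."""
    return [{"id": e["id"], "Scan Type": e["scan_type"],
             "Tool": MANUAL_TOOL_LABEL} for e in entries]


def vulnerability_report(reports, manual_entries=()):
    """Flatten every source into the rows the report table would show."""
    rows = []
    for report in reports:
        rows.extend(rows_from_report(report))
    rows.extend(rows_from_manual(manual_entries))
    return rows


def filter_rows(rows, *, scan_type=None, tool=None):
    """Mimics the two report filters; each one matches its own column only."""
    return [r for r in rows
            if (scan_type is None or r["Scan Type"] == scan_type)
            and (tool is None or r["Tool"] == tool)]


def tools_by_scan_type(rows):
    """Which tools fed each category; one category can have several tools."""
    grouped = defaultdict(set)
    for r in rows:
        grouped[r["Scan Type"]].add(r["Tool"])
    return {k: sorted(v) for k, v in grouped.items()}


if __name__ == "__main__":
    rows = vulnerability_report(SAMPLE_REPORTS, MANUAL_ENTRIES)
    print(f"{'id':<5} {'Scan Type':<20} Tool")
    for r in rows:
        print(f"{r['id']:<5} {r['Scan Type']:<20} {r['Tool']}")
    print(tools_by_scan_type(rows))
```

Filtering by `scan_type="sast"` returns rows from Gosec, Semgrep and the manual entry, while filtering by `tool="Gosec"` returns only Gosec's two findings; a single column labelled "Scanner" cannot express both.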
Steps to reproduce
Visit https://gitlab.com/gitlab-org/security-products/analyzers/gosec/-/security/vulnerability_report and look at the "Scanner" column.
Example Project
https://gitlab.com/gitlab-org/security-products/analyzers/gosec/-/security/vulnerability_report
What is the current behavior?
We display the "Scan Type" under the heading of "Scanner"
What is the desired behavior?
We display the report type filter and column with the updated heading "Tool".
Relevant logs and/or screenshots
Vulnerability list
Vulnerability Details
Output of checks
This bug happens on GitLab.com
Possible fixes
- Rename the "Scanner" column to "Tool".
- Rename all instances of the word "scanner" to "tool" in the scanner dropdown.
- Update documentation screenshots and references to the scanner filter.