Rename `Scanner` in Pipeline Security Report Modal to `Tool`
Summary
We currently miscategorize `Scan Type` as `Scanner` on the Pipeline Security Report (MR security widget) modal. This term has already been updated to `Tool` on the Pipeline Vulnerability Report, as well as on all other Vulnerability Reports and the Vulnerability Details page.
The "Scan Type" should be one of our categories, such as `sast` or `dependency scanning`, whereas the "Scanner" refers to the underlying tool reporting the findings, e.g. `gosec` or `gemnasium`. The current labelling is confusing and is incongruent with the Vulnerability Details page, where we list the scanner correctly (see screenshot below).
See the Secure Glossary MR for more on the distinction: gitlab-com/www-gitlab-com!49901
Additionally, there will be future sources of vulnerability data that do not come from a scanner or pipeline job. For example, we will soon be able to add vulnerability objects by creating them manually or directly via the API. This adds further weight to `Scanner` being an inappropriate name for the vulnerability source. To be clearer and more inclusive, we will instead rename this column to `Tool`.
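For a concrete picture of where the two data points come from, here is an added example (not code from this issue or from GitLab) that reads a security report artifact and produces the `Scan Type` and `Tool` values for each finding. The report layout (a top-level `scan` block carrying `type` and `scanner`, and a `vulnerabilities` array whose entries carry their own `scanner`) is modelled on the shape of GitLab's security report JSON and is an assumption of the example; the sample reports, the function names and the placeholder label used for findings that have no scanner are all constructed for illustration.

```python
"""Derive the two data points the MR security widget modal shows for a
finding: the scan type (a category such as sast or dependency_scanning)
and the tool that reported it (gosec, gemnasium, ...).

Added example; not GitLab code. The report shape is an assumption."""
import json
from typing import Optional

# Constructed sample reports, modelled on the shape of GitLab security
# report artifacts. They are illustrations, not reports from the example
# project referenced in the issue.
SAST_REPORT_JSON = json.dumps({
    "version": "15.0.0",
    "scan": {
        "type": "sast",
        "scanner": {"id": "gosec", "name": "Gosec",
                    "vendor": {"name": "GitLab"}, "version": "2.14.0"},
        "status": "success",
    },
    "vulnerabilities": [
        {"id": "f1", "name": "Use of weak random number generator",
         "severity": "Medium", "scanner": {"id": "gosec", "name": "Gosec"}},
        {"id": "f2", "name": "Potential hardcoded credential",
         "severity": "High", "scanner": {"id": "gosec", "name": "Gosec"}},
    ],
})

DEPENDENCY_SCANNING_REPORT_JSON = json.dumps({
    "version": "15.0.0",
    "scan": {
        "type": "dependency_scanning",
        "scanner": {"id": "gemnasium", "name": "Gemnasium",
                    "vendor": {"name": "GitLab"}, "version": "2.29.9"},
        "status": "success",
    },
    "vulnerabilities": [
        {"id": "f3", "name": "Prototype pollution in lodash",
         "severity": "High", "scanner": {"id": "gemnasium", "name": "Gemnasium"}},
        # A record with no scanner block at all, standing in for a finding
        # that was added by hand or over the API rather than by a job.
        {"id": "f4", "name": "Unpatched internal component", "severity": "Low"},
    ],
})

# Placeholder shown under "Tool" for findings with no scanner. The wording is
# an assumption for this example, not how GitLab labels such sources.
NO_SCANNER_TOOL = "manual / API (no scanner)"


def scan_type_of(report: dict) -> str:
    """The category the modal should show under 'Scan Type' (e.g. sast)."""
    return report["scan"]["type"]


def tool_of(finding: dict) -> str:
    """The underlying tool for one finding, shown under 'Tool'.

    Uses the finding's own scanner block (name, falling back to id); a
    finding with no scanner gets the placeholder label."""
    scanner: Optional[dict] = finding.get("scanner")
    if not scanner:
        return NO_SCANNER_TOOL
    return scanner.get("name") or scanner["id"]


def modal_rows(raw_report: str) -> list:
    """One row per finding: name, Scan Type (from the scan block) and Tool
    (from the finding), i.e. the two distinct data points the issue is about."""
    report = json.loads(raw_report)
    stype = scan_type_of(report)
    return [
        {"name": v["name"], "Scan Type": stype, "Tool": tool_of(v)}
        for v in report.get("vulnerabilities", [])
    ]


if __name__ == "__main__":
    for raw in (SAST_REPORT_JSON, DEPENDENCY_SCANNING_REPORT_JSON):
        for row in modal_rows(raw):
            print(f'{row["name"]:40} Scan Type={row["Scan Type"]:20} Tool={row["Tool"]}')
```

The split mirrors the distinction in the summary: the category comes from the scan as a whole, while the tool is a per-finding property, which is why a single heading cannot serve both and why `Tool` is the more honest label once findings that never passed through a scanner exist.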
Steps to reproduce
- Visit gitlab-examples/security/security-reports!60 (closed)
- Expand the MR Security Widget and select any finding
- Observe the datapoint `Scanner`; this should read `Tool`
Example Project
gitlab-examples/security/security-reports!60 (closed)
What is the current behavior?
We display the "Scan Type" under the heading "Scanner".
What is the desired behavior?
We display the report type data under the updated heading "Tool".
Relevant logs and/or screenshots
Implementation Plan
- TBD
- Update documentation screenshots and references for the Pipeline Security Report modal.