UI: Merge Request: Security Scans: Shows yellow exclamation mark, even if there are no vulns found
Why are we doing this work
The application security merge request widget for the GitLab free edition shows a warning even when all security scan jobs have passed and there are no security findings.
For example, in group-thiagocsf/secrets-and-sast!1 (merged) we can see:
In the Ultimate edition, this behavior is different. See explanation.
Relevant links
Non-functional requirements
- Documentation: -
- Feature flag: -
- Performance: -
- Testing:
Implementation plan
Make the MR widget in the Free edition behave as follows:
- When security jobs complete successfully, use the "information" icon instead of "warning".
- When security jobs fail, use the "warning" icon.
Verification steps
Original description by a user
In the Merge Request UI:
When running SAST and/or Secret Detection, and they find no vulnerabilities, it shows a yellow exclamation mark.
I'd like the "Security scans have run" icon to be a green checkmark, if there are no vulns.
I have attached the two reports, so you can see they're "empty".
We are confused as to why this is a yellow exclamation point, even when there are no vulns found.
I think the UX could be improved by updating the UI to be a green checkmark, like the others. E.g. "Test summary" is a green checkmark when tests pass. I think for consistency the Security scans should be similar.