Show Security Testing results on the environments page
Problem to solve
In the Operations > Environments list, you can see which version of your app is deployed in the different environments, like staging or production.
Security and Operations teams want to know if their environments have problems that may affect the security of the deployed application, and if those problems are affecting an internal server or the public production instance.
Since applications are deployed using pipelines, and pipelines run security testing (SAST, Dependency Scanning, etc.), we can provide the security report for a specific environment, defined as the report of the pipeline that was responsible for the deployment.
Further details
As a Security or Operations professional, I want to know if something vulnerable has been deployed into my production environment. The environments page is not focused on security, but information about the security status (green, red) is enough to choose if I want to dig more into details of the complete report, or if I can feel safe.
Proposal
Add a new column in the Operations > Environments list with a security badge (one for each environment).
The badge reports the security status (orange, green). It links to the full security report at the pipeline level, where the pipeline is the one that deployed the current version to that specific environment.
The badge can also be shown in the environment details view. To be determined later...
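As an added example, not GitLab's own code, the following Python sketches how the proposed badge could be derived: it resolves each environment's deploying pipeline from a `last_deployment` record, folds that pipeline's security findings into an orange/green status, and builds the link to the pipeline-level report. The sample data, the `SEVERITY_ORDER` threshold and the report URL pattern are constructed assumptions.

```python
# Added example (not GitLab's code): derives the per-environment security badge
# described in the proposal from constructed data shaped like GitLab API responses.
# Assumptions: each environment's last deployment carries the id of the pipeline
# that deployed it; each pipeline's security findings are a list of severities.

SEVERITY_ORDER = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Constructed sample: environments with their last deployment (GitLab-style shape).
ENVIRONMENTS = [
    {"id": 1, "name": "staging", "last_deployment": {"deployable": {"pipeline": {"id": 101}}}},
    {"id": 2, "name": "production", "last_deployment": {"deployable": {"pipeline": {"id": 99}}}},
    {"id": 3, "name": "review/foo", "last_deployment": None},
]

# Constructed sample: security findings per pipeline (e.g. merged SAST + Dependency Scanning).
PIPELINE_FINDINGS = {
    101: [{"severity": "low"}, {"severity": "high"}],
    99: [],
}

def deploying_pipeline_id(env):
    """Return the id of the pipeline whose deploy job produced the current version, or None."""
    dep = env.get("last_deployment")
    if not dep:
        return None
    return dep.get("deployable", {}).get("pipeline", {}).get("id")

def badge_status(findings, threshold="high"):
    """Orange if any finding is at or above the threshold severity, else green."""
    limit = SEVERITY_ORDER[threshold]
    if any(SEVERITY_ORDER.get(f.get("severity", "info").lower(), 0) >= limit for f in findings):
        return "orange"
    return "green"

def environment_badges(environments, pipeline_findings, project_path, threshold="high"):
    """Compute {environment name: {status, pipeline_id, report_url}} for the Environments list."""
    badges = {}
    for env in environments:
        pid = deploying_pipeline_id(env)
        if pid is None:
            # Nothing deployed yet: no pipeline to report on, so no badge colour.
            badges[env["name"]] = {"status": "unknown", "pipeline_id": None, "report_url": None}
            continue
        status = badge_status(pipeline_findings.get(pid, []), threshold)
        # Link to the deploying pipeline's security report (URL pattern is an assumption).
        url = f"https://gitlab.example.com/{project_path}/pipelines/{pid}/security"
        badges[env["name"]] = {"status": status, "pipeline_id": pid, "report_url": url}
    return badges

if __name__ == "__main__":
    for name, badge in environment_badges(ENVIRONMENTS, PIPELINE_FINDINGS, "group/app").items():
        print(f"{name:12} {badge['status']:8} {badge['report_url']}")
```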
What does success look like, and how can we measure that?
The number of clicks on the badge.