Skip to content

Update popover text for Sec features

Connor Gilbert requested to merge connorgilbert/clarify-sec-popovers into master

What does this MR do and why?

Edit the text used in the security scanning MR widget to better reflect how the features work.

  • DAST and SAST identify potential vulnerabilities (as opposed to "known vulnerabilities", which I read basically to mean CVEs)
    • I went with "potential vulnerabilities" for SAST, since static findings are far more often weaknesses that could be vulnerabilities.
    • I went with just "vulnerabilities" for DAST, since dynamic findings have more of an element of proof (they were actually seen live) than SAST. But they are certainly not "known vulnerabilities" in the sense of previously-known vulns like CVEs.
  • Secret Detection finds leaked credentials, but currently this is described awkwardly
  • "docker images" should either be "Docker images" or "container images" (I chose the latter)
  • Dependency Scanning referred to "your source code's dependencies", which felt more awkward than "your project's dependencies". But I don't feel as strongly about this one.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

This MR updates text in the MR security widget. There's a popover like these examples. Both examples use the previous text because I don't have a GDK setup handy.

SAST_popover

Secret_Detection_popover

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Connor Gilbert

Merge request reports

Loading