Present container scanning methods in merge request widget
What does this MR do?
Exposes new endpoint for in merge request controller to compare CS (container scanning) reports between master and branch. Output of the comparison will looks like following
added
new vulnerabilities introduced to project
fixed
vulnerabilities that will be removed from the project
existing
vulnerabilities that won't be fixed with current MR
Related issue
https://gitlab.com/gitlab-org/gitlab-ee/issues/13399
Does this MR meet the acceptance criteria?
-
Checkout this branch and run gdk -
have project with container scanning(you can import our test project to your local instance -
Enable container scanning and make sure to generate container scanning report with master branch -
Create an mr for the project that you imported -
hit http://<local_instance>/gitlab-org/ruby-bundler/merge_requests/<mr_number>/container_scanning_reports.json -
Container scanning reports should be listed -
Go to any merge request page and write window.gl.mrWidgetData.container_scanning_comparsion_path
to js console in your browser it should show end point that you can hit to get comparison report.
Conformity
-
Changelog entry -
Documentation created/updated or follow-up review issue created -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Performance and testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Edited by Can Eldem