Update prerequisites for security dashboard to appear
-
Please check this box if this contribution uses AI-generated content as outlined in the GitLab DCO & CLA.
What does this MR do?
Specifies that for the Security Dashboard to appear/activate for a project it must have detected at least one vulnerability. If there are no detected vulnerabilities in a given project, the dashboard does not appear. This is confusing for customers who review the prerequisites section and fulfil the requirements but do not see the dashboard as they have not yet detected a vulnerability.
For confirmation:
- Create empty project in SaaS Ultimate group with a
test.rb
(to trigger SAST job) file in it - Enable SAST via simple CI config:
include:
- template: Security/SAST.gitlab-ci.yml
stages:
- test
- Run successful scan against main branch
- Confirm prerequisites, and observe dashboard does not load/activate
- Add a vulnerability to the project:
# create ruby file oopsie.rb with this code:
class BenefitFormsController < ApplicationController
def index
@benefits = Benefits.new
end
def download
begin
path = params[:name]
file = params[:type].constantize.new(path)
send_file file, disposition: "attachment"
rescue
redirect_to user_benefit_forms_path(user_id: current_user.id)
end
end
def upload
file = params[:benefits][:upload]
if file
flash[:success] = "File Successfully Uploaded!"
Benefits.save(file, params[:benefits][:backup])
else
flash[:error] = "Something went wrong"
end
redirect_to user_benefit_forms_path(user_id: current_user.id)
end
end
- Wait for SAST scan to finish then observe dashboard appears as expected
Related issues
Author's checklist
-
Optional. Consider taking the GitLab Technical Writing Fundamentals course. -
Follow the: -
If you're adding a new page, add the product availability details under the H1 topic title. -
If you are a GitLab team member, request a review based on: - The documentation page's metadata.
- The associated Technical Writer.
If you are a GitLab team member and only adding documentation, do not add any of the following labels:
~"frontend"
~"backend"
~"type::bug"
~"database"
These labels cause the MR to be added to code verification QA issues.
Reviewer's checklist
Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.
If you aren't sure which tech writer to ask, use roulette or ask in the #docs Slack channel.
-
If the content requires it, ensure the information is reviewed by a subject matter expert. - Technical writer review items:
-
Ensure docs metadata is present and up-to-date. -
Ensure the appropriate labels are added to this MR. -
Ensure a release milestone is set. - If relevant to this MR, ensure content topic type principles are in use, including:
-
The headings should be something you'd do a Google search for. Instead of Default behavior
, say something likeDefault behavior when you close an issue
. -
The headings (other than the page title) should be active. Instead of Configuring GDK
, say something likeConfigure GDK
. -
Any task steps should be written as a numbered list. - If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
-
-
-
Review by assigned maintainer, who can always request/require the reviews above. Maintainer's review can occur before or after a technical writer review.