Skip to content

Move project level vulnerabilities to vulnerability report component

What does this MR do?

Previously we merged the instance and group level vulnerability components under vulnerability_report.vue file. This MR moves the last piece, which is the project level. The reason why we left it out previously is because it contains a few customizations and we didn't want to grow the other MR.

In order to test this you'll have to have an EE license. Once got that:

  • Go to your Project > Security & Compliance > Vulnerability Report

They shall look like this with a project that has vulnerabilities.

image

In order to have vulnerabilities, you'll have to run a pipeline and the scanners will have to detect vulnerabilities. You can fork this repo as an example: https://gitlab.com/gitlab-examples/security/security-reports/

Screenshots (strongly suggested)

There are no visual changes.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #321775 (closed)

Merge request reports

Loading