Add generic report type
What does this MR do and why?
Adds the Generic report type so that manually created vulnerabilities are visible in the report.
Screenshots or screen recordings
[screenshots: project level | security center level]
Here's a gif of the whole flow:
How to set up and validate locally
You need the runner installed in order to run the pipeline. Register the runner with the following command; it walks you through the setup:
$ gitlab-runner register
Once it's installed, this is how I run the runner:
$ gitlab-runner --log-level debug run local-runner --config ~/.gitlab-runner/config.toml restart
Once the runner is running, generate vulnerabilities as follows (skip to step 4 if you already have vulnerabilities):
1. Clone https://gitlab.com/gitlab-examples/security/security-reports/
2. Run the pipeline by going to Your project > CI/CD > Pipelines
3. Click on "Run pipeline" for the master branch
4. Go to Security & Compliance > Vulnerability Report
5. You'll need to have the `:new_vulnerability_form` feature flag turned on
6. Click on "+ Submit Vulnerability"
7. Fill in the form and submit it
8. Go back to the Vulnerability Report
9. The manually created vulnerability should appear in your report. Without these changes it won't show up.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #353176 (closed)
Edited by Savas Vedova