Commit 60f5a82a
authored Aug 13, 2021 by David Pisek
Committed by Savas Vedova, Aug 13, 2021
Vulnerability Reports: Rename "scanner" to "tool"
parent 36495806

Showing 15 changed files with 35 additions and 32 deletions:

doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v13_10.png (+0 -0)
doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v14_2.png (+0 -0)
doc/user/application_security/security_dashboard/index.md (+1 -1)
doc/user/application_security/vulnerability_report/img/group_vulnerability_report_v13_9.png (+0 -0)
doc/user/application_security/vulnerability_report/img/group_vulnerability_report_v14_2.png (+0 -0)
doc/user/application_security/vulnerability_report/img/project_security_dashboard_status_change_v13_10.png (+0 -0)
doc/user/application_security/vulnerability_report/img/project_security_dashboard_status_change_v14_2.png (+0 -0)
doc/user/application_security/vulnerability_report/index.md (+10 -10)
ee/app/assets/javascripts/security_dashboard/components/pipeline/security_dashboard_table.vue (+1 -1)
ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_list.vue (+1 -1)
ee/app/assets/javascripts/security_dashboard/helpers.js (+2 -2)
ee/app/assets/javascripts/security_dashboard/store/modules/filters/constants.js (+1 -1)
ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue (+1 -1)
ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js (+7 -7)
locale/gitlab.pot (+11 -8)
doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v13_10.png
deleted
100644 → 0
View file @
36495806
78.5 KB
doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v14_2.png
0 → 100644
View file @
60f5a82a
81.9 KB
doc/user/application_security/security_dashboard/index.md
View file @
60f5a82a
...
...
@@ -51,7 +51,7 @@ The security dashboard and vulnerability report displays information about vulne
At the pipeline level, the Security section displays the vulnerabilities present in the branch of
the project the pipeline ran against.
![
Pipeline Security Dashboard
](
img/pipeline_security_dashboard_v1
3_10
.png
)
![
Pipeline Security Dashboard
](
img/pipeline_security_dashboard_v1
4_2
.png
)
Visit the page for any pipeline that ran any of the
[
supported reports
](
#supported-reports
)
. To view
the pipeline's security findings, select the
**Security**
tab when viewing the pipeline.
...
...
doc/user/application_security/vulnerability_report/img/group_vulnerability_report_v13_9.png
deleted
100644 → 0
View file @
36495806
53.2 KB
doc/user/application_security/vulnerability_report/img/group_vulnerability_report_v14_2.png
0 → 100644
View file @
60f5a82a
107 KB
doc/user/application_security/vulnerability_report/img/project_security_dashboard_status_change_v13_10.png
deleted
100644 → 0
View file @
36495806
40.2 KB
doc/user/application_security/vulnerability_report/img/project_security_dashboard_status_change_v14_2.png
0 → 100644
View file @
60f5a82a
62.1 KB
doc/user/application_security/vulnerability_report/index.md
View file @
60f5a82a
...
...
@@ -16,7 +16,7 @@ At all levels, the Vulnerability Report contains:
-
Filters for common vulnerability attributes.
-
Details of each vulnerability, presented in tabular layout.
![
Vulnerability Report
](
img/group_vulnerability_report_v1
3_9
.png
)
![
Vulnerability Report
](
img/group_vulnerability_report_v1
4_2
.png
)
## Project-level Vulnerability Report
...
...
@@ -49,7 +49,7 @@ You can filter the vulnerabilities table by:
|:---------|:------------------|
| Status | Detected, Confirmed, Dismissed, Resolved. |
| Severity | Critical, High, Medium, Low, Info, Unknown. |
|
Scanner | For more details, see
[
Scanner filter
](
#scanner
-filter
)
. |
|
Tool | For more details, see
[
Tool filter
](
#tool
-filter
)
. |
| Project | For more details, see
[
Project filter
](
#project-filter
)
. |
| Activity | For more details, see
[
Activity filter
](
#activity-filter
)
. |
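Review bot: The Tool row now links to `#tool-filter`, so the `#scanner-filter` anchor no longer exists on this page once the heading is renamed further down. Any other docs page or in-app help link that still targets `#scanner-filter` will land at the top of the page instead of the section. Search the repository for the old anchor before merging and update those references in the same commit.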
...
...
@@ -70,17 +70,17 @@ The filters' criteria are combined to show only vulnerabilities matching all cri
An exception to this behavior is the Activity filter. For more details about how it works, see
[
Activity filter
](
#activity-filter
)
.
##
Scanner
filter
##
Tool
filter
The
scanner filter allows you to focus on vulnerabilities detected by selected scanner
s.
The
tool filter allows you to focus on vulnerabilities detected by selected tool
s.
When using the
scanner
filter, you can choose:
When using the
tool
filter, you can choose:
-
**All
scanner
s**
(default).
-
Individual GitLab-provided
scanner
s.
-
Any integrated 3rd-party
scanner
.
[
Introduced
](
https://gitlab.com/gitlab-org/gitlab/-/issues/229661
)
in GitLab 13.12.
-
**All
tool
s**
(default).
-
Individual GitLab-provided
tool
s.
-
Any integrated 3rd-party
tool
.
[
Introduced
](
https://gitlab.com/gitlab-org/gitlab/-/issues/229661
)
in GitLab 13.12.
For details of each of the available
scanner
s, see
[
Security scanning tools
](
../index.md#security-scanning-tools
)
.
For details of each of the available
tool
s, see
[
Security scanning tools
](
../index.md#security-scanning-tools
)
.
### Project filter
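Review bot: The renamed section never mentions that this filter was called "Scanner" before, so a reader coming from an older GitLab version cannot connect the two names. Add a short version-history line under the `Tool filter` heading stating that it was renamed from "Scanner filter" and in which release (the screenshots added by this commit carry a `v14_2` suffix), alongside the existing "Introduced in GitLab 13.12" note.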
...
...
@@ -143,7 +143,7 @@ To change the status of vulnerabilities in the table:
1.
Select the checkbox for each vulnerability you want to update the status of.
1.
In the dropdown that appears select the desired status, then select
**Change status**
.
![
Project Vulnerability Report
](
img/project_security_dashboard_status_change_v1
3_10
.png
)
![
Project Vulnerability Report
](
img/project_security_dashboard_status_change_v1
4_2
.png
)
## Export vulnerability details
...
...
ee/app/assets/javascripts/security_dashboard/components/pipeline/security_dashboard_table.vue
View file @
60f5a82a
...
...
@@ -83,7 +83,7 @@ export default {
{{
s__
(
'
Reports|Identifier
'
)
}}
</div>
<div
class=
"table-section section-15"
role=
"rowheader"
>
{{
s__
(
'
Reports|
Scanner
'
)
}}
{{
s__
(
'
Reports|
Tool
'
)
}}
</div>
<div
class=
"table-section section-20"
role=
"rowheader"
></div>
</div>
...
...
ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_list.vue
View file @
60f5a82a
...
...
@@ -151,7 +151,7 @@ export default {
},
{
key
:
'
reportType
'
,
label
:
s__
(
'
Reports|
Scanner
'
),
label
:
s__
(
'
Reports|
Tool
'
),
class
:
'
scanner
'
,
sortable
:
this
.
isSortable
,
},
...
...
ee/app/assets/javascripts/security_dashboard/helpers.js
View file @
60f5a82a
...
...
@@ -48,7 +48,7 @@ export const createScannerOption = (vendor, reportType) => {
// used by the scanner filter that shows a flat list of scan types (DAST, SAST, etc) with no vendor
// grouping.
export
const
simpleScannerFilter
=
{
name
:
s__
(
'
SecurityReports|
Scanner
'
),
name
:
s__
(
'
SecurityReports|
Tool
'
),
id
:
'
reportType
'
,
options
:
parseOptions
(
REPORT_TYPES
),
allOption
:
BASE_FILTERS
.
report_type
,
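Review bot: The comment directly above `simpleScannerFilter` still reads "used by the scanner filter" although the `name` shown to the user is now `SecurityReports|Tool`; the comment above `vendorScannerFilter` in the next hunk has the same mismatch. The identifiers and the `id: 'reportType'` / `id: 'scanner'` keys stay as they are, so state in the comments that "scanner" is the internal name and "Tool" the displayed label. Otherwise the next reader may take this for an incomplete rename.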
...
...
@@ -58,7 +58,7 @@ export const simpleScannerFilter = {
// This is used on the project-level report. It's used by the scanner filter that shows a list of
// scan types (DAST, SAST, etc) that's grouped by vendor.
export
const
vendorScannerFilter
=
{
name
:
s__
(
'
SecurityReports|
Scanner
'
),
name
:
s__
(
'
SecurityReports|
Tool
'
),
id
:
'
scanner
'
,
options
:
Object
.
keys
(
REPORT_TYPES
).
map
((
x
)
=>
createScannerOption
(
DEFAULT_SCANNER
,
x
)),
allOption
:
BASE_FILTERS
.
report_type
,
...
...
ee/app/assets/javascripts/security_dashboard/store/modules/filters/constants.js
View file @
60f5a82a
...
...
@@ -20,7 +20,7 @@ export const BASE_FILTERS = {
id
:
ALL
,
},
report_type
:
{
name
:
s__
(
'
ciReport|All
scanner
s
'
),
name
:
s__
(
'
ciReport|All
tool
s
'
),
id
:
ALL
,
},
activity
:
{
...
...
ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue
View file @
60f5a82a
...
...
@@ -200,7 +200,7 @@ export default {
</detail-item>
<detail-item
v-if=
"scanner.name"
:sprintf-message=
"__('%
{labelStart}
Scanner
:%{labelEnd} %{scanner}')"
:sprintf-message=
"__('%
{labelStart}
Tool
:%{labelEnd} %{scanner}')"
>
<component
:is=
"scannerDetails.component"
...
...
ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js
View file @
60f5a82a
...
...
@@ -200,26 +200,26 @@ describe('Vulnerability Details', () => {
const
scannerText
=
()
=>
getById
(
'
scanner
'
).
text
();
it
(
'
shows the scanner name only but no link
'
,
()
=>
{
createWrapper
({
scanner
:
{
name
:
'
some
scanner
'
}
});
expect
(
scannerText
()).
toBe
(
'
Scanner: some scanner
'
);
createWrapper
({
scanner
:
{
name
:
'
some
tool
'
}
});
expect
(
scannerText
()).
toBe
(
'
Tool: some tool
'
);
expect
(
link
().
element
instanceof
HTMLSpanElement
).
toBe
(
true
);
});
it
(
'
shows the scanner name and version but no link
'
,
()
=>
{
createWrapper
({
scanner
:
{
name
:
'
some scanner
'
,
version
:
'
1.2.3
'
}
});
expect
(
scannerText
()).
toBe
(
'
Scanner
: some scanner (version 1.2.3)
'
);
expect
(
scannerText
()).
toBe
(
'
Tool
: some scanner (version 1.2.3)
'
);
expect
(
link
().
element
instanceof
HTMLSpanElement
).
toBe
(
true
);
});
it
(
'
shows the scanner name only with a link
'
,
()
=>
{
createWrapper
({
scanner
:
{
name
:
'
some
scanner
'
,
url
:
'
//link
'
}
});
expect
(
scannerText
()).
toBe
(
'
Scanner: some scanner
'
);
createWrapper
({
scanner
:
{
name
:
'
some
tool
'
,
url
:
'
//link
'
}
});
expect
(
scannerText
()).
toBe
(
'
Tool: some tool
'
);
expect
(
link
().
attributes
(
'
href
'
)).
toBe
(
'
//link
'
);
});
it
(
'
shows the scanner name and version with a link
'
,
()
=>
{
createWrapper
({
scanner
:
{
name
:
'
some
scanner
'
,
version
:
'
1.2.3
'
,
url
:
'
//link
'
}
});
expect
(
scannerText
()).
toBe
(
'
Scanner: some scanner
(version 1.2.3)
'
);
createWrapper
({
scanner
:
{
name
:
'
some
tool
'
,
version
:
'
1.2.3
'
,
url
:
'
//link
'
}
});
expect
(
scannerText
()).
toBe
(
'
Tool: some tool
(version 1.2.3)
'
);
expect
(
link
().
attributes
(
'
href
'
)).
toBe
(
'
//link
'
);
});
});
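Review bot: The fixture changes are inconsistent: three of the four cases rename the fixture from `'some scanner'` to `'some tool'`, while the "name and version but no link" case keeps `name: 'some scanner'` and now expects `'Tool: some scanner (version 1.2.3)'`. Only the label changed in `vulnerability_details.vue`, so keeping `'some scanner'` in every `createWrapper` call and changing just the `Scanner:` prefix in the expectations would shrink the diff and show that the scanner name is passed through untouched. Either way, use one fixture name across all four cases.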
...
...
locale/gitlab.pot
View file @
60f5a82a
...
...
@@ -663,15 +663,15 @@ msgstr ""
msgid "%{labelStart}Scan Type:%{labelEnd} %{reportType}"
msgstr ""
msgid "%{labelStart}Scanner:%{labelEnd} %{scanner}"
msgstr ""
msgid "%{labelStart}Sent request:%{labelEnd} %{headers}"
msgstr ""
msgid "%{labelStart}Severity:%{labelEnd} %{severity}"
msgstr ""
msgid "%{labelStart}Tool:%{labelEnd} %{scanner}"
msgstr ""
msgid "%{labelStart}Unmodified response:%{labelEnd} %{headers}"
msgstr ""
...
...
@@ -28052,6 +28052,9 @@ msgstr ""
msgid "Reports|Test summary results are being parsed"
msgstr ""
msgid "Reports|Tool"
msgstr ""
msgid "Reports|Vulnerability"
msgstr ""
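Review bot: `Reports|Scanner` is not removed by any hunk in this file, although both call sites touched by this commit (`security_dashboard_table.vue` and `vulnerability_list.vue`) switch to the new `Reports|Tool` entry. That suggests the old string is still referenced somewhere else, and that view will keep showing a "Scanner" label next to the renamed ones. Find the remaining `s__('Reports|Scanner')` caller and either rename it too or note why it is excluded; by contrast, `SecurityReports|Scanner` is removed outright in the next hunk.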
...
...
@@ -29705,9 +29708,6 @@ msgstr ""
msgid "SecurityReports|Scan details"
msgstr ""
msgid "SecurityReports|Scanner"
msgstr ""
msgid "SecurityReports|Security Dashboard"
msgstr ""
...
...
@@ -29774,6 +29774,9 @@ msgstr ""
msgid "SecurityReports|To widen your search, change or remove filters above"
msgstr ""
msgid "SecurityReports|Tool"
msgstr ""
msgid "SecurityReports|Unable to add %{invalidProjectsMessage}: %{errorMessage}"
msgstr ""
...
...
@@ -38840,10 +38843,10 @@ msgstr ""
msgid "ciReport|All projects"
msgstr ""
msgid "ciReport|All s
canner
s"
msgid "ciReport|All s
everitie
s"
msgstr ""
msgid "ciReport|All
severitie
s"
msgid "ciReport|All
tool
s"
msgstr ""
msgid "ciReport|Automatically apply the patch in a new branch"
...
...