Commit a8a42ab0 authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch 'dast-in-group-dashboard-be' into 'master'

Show DAST in Group Security Dashboard Back-End

See merge request gitlab-org/gitlab-ee!10277
parents edaa8a5f da111e74
......@@ -34,14 +34,16 @@ each one separately.
The group security dashboard supports [SAST](../../project/merge_requests/sast.md),
[Dependency Scanning](../../project/merge_requests/dependency_scanning.md),
and [Container Scanning](../../project/merge_requests/container_scanning.md).
[Container Scanning](../../project/merge_requests/container_scanning.md),
and [DAST](../../project/merge_requests/dast.md).
## Requirements
To use the group security dashboard:
1. At least one project inside a group must be configured with
[Static Application Security Testing](../../project/merge_requests/sast.md), or [Dependency Scanning](../../project/merge_requests/dependency_scanning.md).
[Static Application Security Testing](../../project/merge_requests/sast.md), or [Dependency Scanning](../../project/merge_requests/dependency_scanning.md),
or [Container Scanning](../../project/merge_requests/container_scanning.md), or [Dynamic Application Security Testing](../../project/merge_requests/dast.md).
2. The configured jobs must use the [new `reports` syntax](../../../ci/yaml/README.md#artifactsreports) (see an [example job](../../../ci/examples/sast.md)).
3. [GitLab Runner](https://docs.gitlab.com/runner/) 11.5 or above must be used to execute the jobs.
......
......@@ -3,11 +3,6 @@
class Groups::Security::VulnerabilitiesController < Groups::Security::ApplicationController
HISTORY_RANGE = 3.months
# NOTE: we need this scope because DAST vulnerabilities
# shouldn't appear in the Group Dashboard in the same as we're starting
# to save them in the database
DEFAULT_REPORT_SCOPE = [:sast, :dependency_scanning, :container_scanning].freeze
def index
vulnerabilities = found_vulnerabilities.ordered.page(params[:page])
......@@ -44,10 +39,8 @@ class Groups::Security::VulnerabilitiesController < Groups::Security::Applicatio
private
def filter_params
filter_params = params.permit(report_type: [], project_id: [], severity: [])
.merge(hide_dismissed: Gitlab::Utils.to_boolean(params[:hide_dismissed]))
filter_params[:report_type] ||= DEFAULT_REPORT_SCOPE
filter_params
params.permit(report_type: [], project_id: [], severity: [])
.merge(hide_dismissed: Gitlab::Utils.to_boolean(params[:hide_dismissed]))
end
def found_vulnerabilities(collection = :latest)
......
......@@ -65,7 +65,7 @@ module EE
::Feature.disabled?(:parse_container_scanning_reports, default_enabled: true)
next if file_type == "dast" &&
::Feature.disabled?(:parse_dast_reports, default_enabled: false)
::Feature.disabled?(:parse_dast_reports, default_enabled: true)
security_reports.get_report(file_type).tap do |security_report|
next unless project.feature_available?(LICENSED_PARSER_FEATURES.fetch(file_type))
......
---
title: Show DAST in Group Security Dashboard Back-End
merge_request: 10277
author:
type: added
......@@ -108,7 +108,6 @@ describe Groups::Security::VulnerabilitiesController do
context 'with multiple report types' do
before do
projects.each do |project|
create_vulnerabilities(1, project_guest, { report_type: :dast })
create_vulnerabilities(2, project_guest, { report_type: :sast })
create_vulnerabilities(1, project_dev, { report_type: :dependency_scanning })
end
......@@ -219,14 +218,14 @@ describe Groups::Security::VulnerabilitiesController do
group.add_developer(user)
end
it 'returns vulnerabilities counts for :sast and :dependency_scanning' do
it 'returns vulnerabilities counts for all report types' do
subject
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Hash)
expect(json_response['high']).to eq(3)
expect(json_response['low']).to eq(3)
expect(json_response['medium']).to eq(0)
expect(json_response['low']).to eq(4)
expect(json_response['medium']).to eq(1)
expect(response).to match_response_schema('vulnerabilities/summary', dir: 'ee')
end
......@@ -323,11 +322,11 @@ describe Groups::Security::VulnerabilitiesController do
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Hash)
expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 3 })
expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 5 })
expect(json_response['critical']).to eq({ '2018-11-10' => 1 })
expect(json_response['high']).to eq({ '2018-11-10' => 2, '2018-11-12' => 1 })
expect(json_response['medium']).to eq({})
expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 2 })
expect(json_response['medium']).to eq({ '2018-11-12' => 1 })
expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 3 })
expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee')
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment