Container Scanning Results Not Showing Up in Dashboard / Report

kyle.cacciatore · January 27, 2022, 2:30pm

We recently upgraded to Ultimate, and I’m testing out the scanning capabilities. I’ve been testing out the SAST features, building out an app with known issues to generate findings. I’ve added container scanning, and see in the job log that vulnerabilities are found, and the report artifact is generated, but the findings do not show up in the Dashboard or the Vulnerability report.

include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/License-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Docker.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml

stages:
- build
- test
- deploy

variables:
    SECURE_LOG_LEVEL: 'debug'
    
container_scanning:
  variables:
    CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA

deploy-prod:
  stage: deploy
  script:
  - echo "This job deploys something from the $CI_COMMIT_BRANCH branch."

kyle.cacciatore · February 17, 2022, 3:27pm

For anyone looking for an answer to this, the reason results were not showing up was that the pipeline was not running on the default branch. non-default branch results should be available via a link in the pipeline

Topic		Replies	Views
Unable to view SAST Scan Reports in Pipeline View DevSecOps ci , runner , sast	1	2523	February 26, 2022
Container scanning doesnt add anything to the Merge request DevSecOps	0	344	January 23, 2020
SAST UI report is not present in merge request widget (tab) DevSecOps sast	3	2022	January 16, 2024
Container Scanning Disable Dependency List Not Working DevSecOps ci	1	898	January 31, 2022
Container Scanning for multiple images DevSecOps ci , runner	3	4397	December 20, 2019

Container Scanning Results Not Showing Up in Dashboard / Report

Related topics