SAST UI report is not present in merge request widget (tab)

Hello

Trying to get the SAST report in the UI in the merge requests tab, but instead of this I can only see this:


The expected result is to see this:

As I see from the documentation, such reports should be present out of the box in all versions, not only in Ultimate: Static Application Security Testing (SAST) | GitLab
So, where is the problem then? Please advise how to get the UI report for SAST. Thanks in advance.

The expected result pictured in your request is, I believe, part of the advanced security reporting that you get with the Ultimate subscription. At other levels I'm fairly certain the only visibility you have into your SAST findings will be the JSON files, which can be downloaded via the download results button. The report includes various information that is shown in the security dashboard, but the burden of leveraging / maintaining that will be placed on the user. I'm not 100% sure on that, but 99.99%, as I've used the SAST functionality with both the CE and the free tier on the cloud platform. Depending on your language there may be multiple reports. If you are serious about tracking these, I would suggest downloading them programmatically (haven't done that yet, but fairly confident it can be done) and then parsing the files.


This is such a selfish move by GitLab. Even Premium doesn't get the widget. This contributes to bad security culture, as people have to pay up a lot to even get the widget in the MR main page.

I believe that if devs have to go to the pipeline page, or download the SAST file, then it is bad UX. It supports developing bad security culture. It also gives security a bad reputation: that hassle we don't have time for.

We are using the JUnit template now to get the results on the MR main page. That means that we don't get proper illustrations of the vulnerabilities. They all turn red instead of having the colors of the severity. It is not perfect, but it is better than having to download the SAST file...

The security dashboard won't work without Ultimate either. So if someone wants an overview of findings, they would have to use another tool. I am disappointed :confused:
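Both workarounds mentioned in this thread (parsing the downloaded SAST JSON programmatically, and feeding findings into the MR page via the JUnit report) can be covered by one small script. The following is an added example, not code from GitLab or from any poster here: it reads a `gl-sast-report.json` document in the format GitLab's SAST jobs emit (`version`, `vulnerabilities[]` with `severity`, `location.file`, `location.start_line`, `identifiers[]`), counts findings per severity, and writes a JUnit XML file in which severity is carried in the test name and class name, and only findings at or above a chosen severity become red `<failure>` entries while lower ones are `<skipped>`. The sample report embedded below is constructed for the example, and the severity threshold, test-name layout and the `sast.<severity>` class names are my own choices, not a GitLab convention.

```python
"""Parse a GitLab SAST report (gl-sast-report.json) and turn its findings into
JUnit XML for the merge request's Tests tab.

Added example for this thread; not GitLab's own code. The report format is the
one GitLab SAST jobs publish; the sample below is constructed for illustration.
"""
import json
from collections import Counter
from xml.etree import ElementTree as ET

# Severity labels as they appear in GitLab SAST reports, highest first.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Info", "Unknown"]

# Constructed sample of a gl-sast-report.json (deliberately not sorted).
SAMPLE_REPORT = json.dumps({
    "version": "15.0.0",
    "vulnerabilities": [
        {"id": "c3", "category": "sast", "name": "Hardcoded credential",
         "description": "A password literal is assigned in source.",
         "severity": "Low", "confidence": "Low",
         "scanner": {"id": "semgrep", "name": "Semgrep"},
         "location": {"file": "app/settings.py", "start_line": 7, "end_line": 7},
         "identifiers": [{"type": "cwe", "name": "CWE-798", "value": "798"}]},
        {"id": "a1", "category": "sast", "name": "SQL Injection",
         "description": "User input is concatenated into a SQL statement.",
         "severity": "High", "confidence": "Medium",
         "scanner": {"id": "semgrep", "name": "Semgrep"},
         "location": {"file": "app/db.py", "start_line": 42, "end_line": 42},
         "identifiers": [{"type": "cwe", "name": "CWE-89", "value": "89"}]},
        {"id": "b2", "category": "sast", "name": "Path Traversal",
         "description": "A request parameter is used to build a file path.",
         "severity": "Medium", "confidence": "Medium",
         "scanner": {"id": "semgrep", "name": "Semgrep"},
         "location": {"file": "app/files.py", "start_line": 19, "end_line": 21},
         "identifiers": []},
    ],
    "scan": {"status": "success"},
})


def _rank(severity):
    """Lower number = more severe; unknown labels sort last."""
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else len(SEVERITY_ORDER)


def parse_sast_report(text):
    """Return a flat, severity-sorted list of findings from a SAST report.

    A clean scan may have an empty or missing 'vulnerabilities' key, so that
    case yields an empty list rather than an error.
    """
    doc = json.loads(text)
    findings = []
    for v in doc.get("vulnerabilities") or []:
        loc = v.get("location") or {}
        cwe = next((i.get("name") for i in v.get("identifiers", [])
                    if i.get("type") == "cwe"), None)
        findings.append({
            "id": v.get("id", ""),
            "name": v.get("name") or v.get("message") or "unnamed finding",
            "severity": v.get("severity", "Unknown"),
            "file": loc.get("file", "?"),
            "line": loc.get("start_line"),
            "description": v.get("description", ""),
            "cwe": cwe,
        })
    findings.sort(key=lambda f: _rank(f["severity"]))
    return findings


def count_by_severity(findings):
    """Summary dict such as {'High': 1, 'Medium': 1, 'Low': 1}."""
    return dict(Counter(f["severity"] for f in findings))


def to_junit_xml(findings, min_failing="Medium"):
    """Build JUnit XML: one <testcase> per finding.

    Findings at or above min_failing become <failure> (red in the MR widget);
    less severe ones become <skipped>, so they are listed but not red.
    """
    suites = ET.Element("testsuites")
    suite = ET.SubElement(suites, "testsuite", name="sast")
    failures = 0
    for f in findings:
        case = ET.SubElement(
            suite, "testcase",
            classname=f"sast.{f['severity'].lower()}",
            name=f"[{f['severity']}] {f['name']} ({f['file']}:{f['line']})")
        detail = f["description"] + (f" ({f['cwe']})" if f["cwe"] else "")
        if _rank(f["severity"]) <= _rank(min_failing):
            ET.SubElement(case, "failure", message=f["name"]).text = detail
            failures += 1
        else:
            ET.SubElement(case, "skipped", message=f"below {min_failing}").text = detail
    suite.set("tests", str(len(findings)))
    suite.set("failures", str(failures))
    return ET.tostring(suites, encoding="unicode")


if __name__ == "__main__":
    found = parse_sast_report(SAMPLE_REPORT)
    print(count_by_severity(found))
    with open("sast-junit.xml", "w", encoding="utf-8") as fh:
        fh.write(to_junit_xml(found))
```

In a pipeline this would run as a job after the SAST job, reading the `gl-sast-report.json` artifact and publishing `sast-junit.xml` through `artifacts: reports: junit:`, which is the mechanism the JUnit workaround above relies on. The same parser works on reports fetched out of band with the jobs artifacts API (for example `GET /projects/:id/jobs/artifacts/:ref_name/raw/*artifact_path?job=<job name>`), which is one way to do the programmatic download suggested earlier in the thread.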

Thanks for your feedback. You can learn more about the business model and the features in each tier at Our stewardship of GitLab | The GitLab Handbook. You can also open an issue to make an argument for moving features down in tiers.