extension ExtPose

GitLab MR Vulnerability Widget

CRX id

pdepablkdfgdadoleeghhajaapcbilio-

Description from extension meta

Adds a widget to GitLab merge request page showing vulnerabilities detected by Container Scanning.

Image from store GitLab MR Vulnerability Widget
Description from store This extension adds a widget in the Gitlab merge request page showing critical and high vulnerabilities of a container image generated in the associated pipeline. A container scanning job must exist in the pipeline. This job must generate a container scanning report artifact. To add a container scanning job, follow the steps defined here: https://docs.gitlab.com/ee/user/application_security/container_scanning/ The free version of Gitlab supports container scanning but does not support decoration of the merge request with vulnerability details. This extension fills that gap by decorating the merge request with a vulnerability widget. Note: The extension requires configuring a personal access token with "read_api" scope to allow fetching the pipeline artifacts. This token is saved in Chrome storage with encryption and never leaves your browser. To create a personal access token, follow the steps here: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html Reference: Container scanning job: https://docs.gitlab.com/ee/user/application_security/container_scanning/ Container scanning report artifact: https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscontainer_scanning Personal access token: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html

Statistics

Installs
Category
Rating
5.0 (4 votes)
Last update / version
2024-10-22 / 0.0.1
Listing languages

Links