Understanding the different types of security reports
All GitLab security scanners display their results in three separate reports. Because each report shows results from all of the scanners, there’s no need to bounce around the GitLab GUI, collecting information from all the different scanners. However, each of the three report locations presents a slightly different spin on the scanners’ findings. It’s important to understand how these three reports differ, so let’s look at each one:
- The vulnerability report is the report that we’ve shown in screenshots throughout this chapter. It shows the findings of any scanner that ran during the last pipeline on your project’s default branch (normally `main` or `master`). If you want to know how secure your stable code base is, look at the vulnerability report. It won’t tell you anything about the state of security on any feature or bugfix branches – only the default branch.
- The...