Enhance GitLab Merge Requests with Vulnerability Insights
The GitLab MR Vulnerability Widget is a Chrome extension designed to enhance the GitLab merge request experience by displaying critical and high vulnerabilities detected in container images. By integrating seamlessly into the merge request page, this tool provides valuable insights derived from container scanning reports generated during the CI/CD pipeline process. It effectively bridges the gap left by the free version of GitLab, which does not display vulnerability details directly within merge requests.
To utilize this extension, users must ensure that a container scanning job exists in their pipeline and that it produces a report artifact. Additionally, configuring a personal access token with 'read_api' scope is necessary for the extension to fetch relevant pipeline artifacts securely. The token is stored in Chrome's encrypted storage, ensuring user privacy and security. This widget is a useful tool for developers aiming to maintain secure code practices.
