GitLab MR Vulnerability Widget

Adds a widget to GitLab merge request page showing vulnerabilities detected by Container Scanning.
Download

Extension stats

Users: 11
Rating: 5.00 (4)
Version: 0.0.1 (Last updated: 2024-10-22)
Creation date: 2024-10-17
Risk impact: Low risk impact
Risk likelihood: High risk likelihood
Manifest version: 3
Permissions:
  • activeTab
  • storage
Host permissions:
  • https://gitlab.com/*
Size: 26.25K

Ranking

# 123542 ▼ 735
Other rankings
#5566 in Developer Tools ▼ 6 #56 in widget keyword 14 ▼ 4 #205 in scan keyword 24 ▼ 6

Other platforms

Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Analyze keywords

This extension adds a widget in the Gitlab merge request page showing critical and high vulnerabilities of a container image generated in the associated pipeline.

A container scanning job must exist in the pipeline. This job must generate a container scanning report artifact. To add a container scanning job, follow the steps defined here: https://docs.gitlab.com/ee/user/application_security/container_scanning/

The free version of Gitlab supports container scanning but does not support decoration of the merge request with vulnerability details. This extension fills that gap by decorating the merge request with a vulnerability widget.

Note: The extension requires configuring a personal access token with "read_api" scope to allow fetching the pipeline artifacts. This token is saved in Chrome storage with encryption and never leaves your browser. To create a personal access token, follow the steps here: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html

Reference: Container scanning job: https://docs.gitlab.com/ee/user/application_security/container_scanning/ Container scanning report artifact: https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscontainer_scanning Personal access token: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html

User reviews

Nice plugin to show the found vulnerabilities. Too bad you can't see configure the levels you want to see, like medium level vulnerabilities
by Richard Bosch, 2024-10-24
Very useful as Gitlab user
by Alain Wouterlood, 2024-10-24
by Nahar Kazi, 2024-10-24
View all user reviews

Extension safety

Risk impact

GitLab MR Vulnerability Widget requires very minimum permissions.

Risk likelihood

GitLab MR Vulnerability Widget may not be trust-worthy. Avoid installing if possible unless you really trust this publisher.

Upgrade to see risk analysis details

Promo images

GitLab MR Vulnerability Widget small promo image
Small promo image

Similar extensions

Here are some Chrome extensions that are similar to GitLab MR Vulnerability Widget:

Notifier for GitHub
Notifier for GitHub
Sindre Sorhus
4.72
10,000+
Google Apps Script GitHub Assistant
Google Apps Script GitHub Assistant
leonhartX
4.69
20,000+
Atom Material Icons
Atom Material Icons
https://material-theme.com
4.74
10,000+
DotGit
DotGit
davtur19
4.83
10,000+
Token Devtools Inspector
Token Devtools Inspector
sergio.gurillo11
5.00
552
Library Detector (Academic Tool)
Library Detector (Academic Tool)
aaronxyliu
5.00
197
GitKraken
GitKraken
https://gitkraken.dev
4.36
7,000+
LeetCode Tracker
LeetCode Tracker
jeff.gbeho
5.00
126
Coder
Coder
https://coder.com
N/A
35
Le Git Graph - Commits Graph for GitHub
Le Git Graph - Commits Graph for GitHub
https://scaria.dev
4.59
9,000+
GTLB CI logs viewer
GTLB CI logs viewer
7rulnik
N/A
646
Gitlab Enhancement Suite
Gitlab Enhancement Suite
gitlab.enhancement.suite
5.00
39