GitLab MR Vulnerability Widget

Adds a widget to the GitLab merge request page showing vulnerabilities detected by Container Scanning.

Extension stats

Users: 14
Rating: 5.00 (4)
Version: 0.0.1 (Last updated: 2024-10-22)
Creation date: 2024-10-17
Risk impact: Low risk impact
Risk likelihood:
Manifest version: 3
Permissions:
  • activeTab
  • storage
Host permissions:
  • https://gitlab.com/*
Size: 26.25K

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge

Extension summary

This extension adds a widget to the GitLab merge request page showing critical and high vulnerabilities of a container image generated in the associated pipeline.

A container scanning job must exist in the pipeline. This job must generate a container scanning report artifact. To add a container scanning job, follow the steps defined here: https://docs.gitlab.com/ee/user/application_security/container_scanning/

The free version of GitLab supports container scanning but does not support decoration of the merge request with vulnerability details. This extension fills that gap by decorating the merge request with a vulnerability widget.

Note: The extension requires configuring a personal access token with "read_api" scope to allow fetching the pipeline artifacts. This token is saved in Chrome storage with encryption and never leaves your browser. To create a personal access token, follow the steps here: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html

Reference:
  • Container scanning job: https://docs.gitlab.com/ee/user/application_security/container_scanning/
  • Container scanning report artifact: https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscontainer_scanning
  • Personal access token: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html

User reviews

Nice plugin to show the found vulnerabilities. Too bad you can't configure the levels you want to see, like medium level vulnerabilities.
by Richard Bosch, 2024-10-24

Very useful as a GitLab user
by Alain Wouterlood, 2024-10-24

by Nahar Kazi, 2024-10-24

Extension safety

Risk impact

GitLab MR Vulnerability Widget requires very minimal permissions.

Risk likelihood

GitLab MR Vulnerability Widget is probably trustworthy. Prefer other publishers if available. Exercise caution when installing this extension.
