Creates a standalone HTML GitLab vulnerability report using artifacts from GitLab DAST scanning tools.
Currently, the script relies on files generated by GitLab's DAST scanning tools to identify vulnerabilities. It doesn't directly access vulnerability data from GitLab using its GraphQL API. While we're considering adding the API approach as an option in the future, this script will continue using files for now.
We chose file-based DAST results because they are guaranteed to be available during the GitLab pipeline job. In contrast, API-based results might not be fully integrated into GitLab's vulnerability repository by the time the pipeline finishes, or even several minutes afterward.
The image below shows an example output (redacted, so it does not show all the data).
Note: The script is also available as a Docker image on Docker Hub: easternresearchgroup/gitlab_vulnerability_report_creator.
Example: running the script locally with Node:
node gitlab_vulnerability_report_creator.js --output {{path to report output folder}}/report.html {{path to folder}}/gitlab-dast.json {{path to folder}}/gitlab-dast-api.json
Note: You can pass one or more GitLab DAST scan result files to the script; it combines the results into a single report.
This code is provided on an "as is" basis and the user assumes responsibility for its use. ERG has relinquished control of the information and no longer has responsibility to protect the integrity, confidentiality, or availability of the information. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation or favoring by ERG.