Fire Webhooks Upon CI Report Data Ingestion

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Release notes

One of the strengths of GitLab CI is its ability to ingest disparate sources of information via job artifact reports and leverage the data within the artifacts to provide relevant information for Merge Requests and Analytical data all within GitLab; allowing GitLab to realize its vision of being a single application for the entire DevOps Lifecycle. Today, we have opened up this ability to ship this information out to external systems via a simple webhook integration. This opens the door for us to partner with other products to ship data directly to them.

Problem to solve

For users that have existing data management solutions inside of their SDLCs, having data that comes from CI Reports (i.e. security scans feeding vulnerability management systems, or test results feeding test management systems) could provide significant benefit. Currently, there is no good way to systematically ship security vulnerability or test result data to external management systems.

Intended users

• Sam (Security Analyst)
• Simone (Software Engineer in Test)

Metrics

Usage of this feature would be tracked by identifying the number of webhooks that have been created to fire off CI Reports (security scans, unit tests, metrics, etc...).

User experience goal

Users would be able to create a webhook event that sends payloads of data ingested from the CI Report mechanism and send it to an external system upon ingestion of that data.

Proposal

The solution would be to setup webhooks to listen for CI Report data changes and have them fire off. The report data would be transmitted via a JSON Payload to the external system for which a webhook has been created.

MVC would be for all JSON-based reports. For example, all of our security scans are stored as JSON. Additionally, accessibility and terraform is also stored in JSON.

Further details

Once the webhook data is available, we can then potentially build integrations with other Vulnerability Management or Test Management systems.

Permissions and Security

Documentation

Availability & Testing

Available Tier

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.