GitLab CI/CD artifacts reports types (FREE)
Use artifacts:reports
to:
- Collect test reports, code quality reports, security reports, and other artifacts generated by included templates in jobs.
- Some of these reports are used to display information in:
- Merge requests.
- Pipeline views.
- Security dashboards.
The test reports are collected regardless of the job results (success or failure).
You can use artifacts:expire_in
to set up an expiration
date for their artifacts.
Some artifacts:reports
types can be generated by multiple jobs in the same pipeline, and used by merge request or
pipeline features from each job.
To be able to browse the report output files, include the artifacts:paths
keyword.
NOTE: Combined reports in parent pipelines using artifacts from child pipelines is not supported. Track progress on adding support in this issue.
artifacts:reports:accessibility
Introduced in GitLab 12.8.
The accessibility
report uses pa11y to report on the accessibility impact
of changes introduced in merge requests.
GitLab can display the results of one or more reports in the merge request accessibility widget.
For more information, see Accessibility testing.
artifacts:reports:api_fuzzing
(ULTIMATE)
- Introduced in GitLab 13.4.
- Requires GitLab Runner 13.4 or later.
The api_fuzzing
report collects API Fuzzing bugs
as artifacts.
GitLab can display the results of one or more reports in:
- The merge request security widget.
- The Project Vulnerability report.
- The pipeline Security tab.
- The security dashboard.
artifacts:reports:browser_performance
(PREMIUM)
Name changed from
artifacts:reports:performance
in GitLab 14.0.
The browser_performance
report collects Browser Performance Testing metrics
as artifacts.
GitLab can display the results of one report in the merge request browser performance testing widget.
GitLab cannot display the combined results of multiple browser_performance
reports.
artifacts:reports:cluster_image_scanning
(ULTIMATE)
- Introduced in GitLab 14.1.
- Requires GitLab Runner 14.1 and above.
The cluster_image_scanning
report collects CLUSTER_IMAGE_SCANNING
vulnerabilities. The collected
CLUSTER_IMAGE_SCANNING
report uploads to GitLab as an artifact.
GitLab can display the results of one or more reports in:
artifacts:reports:cobertura
(DEPRECATED)
- Introduced in GitLab 12.9.
- Deprecated in GitLab 14.9.
WARNING:
This feature is in its end-of-life process. It is deprecated in GitLab
14.9 and replaced with artifacts:reports:coverage_report
in 14.10.
The cobertura
report collects Cobertura coverage XML files.
The collected Cobertura coverage reports upload to GitLab as an artifact.
GitLab can display the results of one or more reports in the merge request diff annotations.
Cobertura was originally developed for Java, but there are many third-party ports for other languages such as JavaScript, Python, and Ruby.
artifacts:reports:coverage_report
Introduced in GitLab 14.9.
Use coverage_report
to collect coverage report in Cobertura format, similar to artifacts:reports:cobertura
.
NOTE:
artifacts:reports:coverage_report
cannot be used at the same time with artifacts:reports:cobertura
.
artifacts:
reports:
coverage_report:
coverage_format: cobertura
path: coverage/cobertura-coverage.xml
The collected coverage report is uploaded to GitLab as an artifact.
GitLab can display the results of coverage report in the merge request diff annotations.
artifacts:reports:codequality
Moved to GitLab Free in 13.2.
The codequality
report collects code quality issues. The
collected code quality report uploads to GitLab as an artifact.
GitLab can display the results of:
- One or more reports in the merge request code quality widget.
- Only one report in:
- The merge request diff annotations. Track progress on adding support for multiple reports in this issue.
- The full report. Track progress on adding support for multiple reports in this issue.
artifacts:reports:container_scanning
(ULTIMATE)
The container_scanning
report collects Container Scanning vulnerabilities.
The collected Container Scanning report uploads to GitLab as an artifact.
GitLab can display the results of one or more reports in:
- The merge request container scanning widget.
- The pipeline Security tab.
- The security dashboard.
- The Project Vulnerability report.
artifacts:reports:coverage_fuzzing
(ULTIMATE)
- Introduced in GitLab 13.4.
- Requires GitLab Runner 13.4 or later.
The coverage_fuzzing
report collects coverage fuzzing bugs.
The collected coverage fuzzing report uploads to GitLab as an artifact.
GitLab can display the results of one or more reports in:
- The merge request coverage fuzzing widget.
- The pipeline Security tab.
- The Project Vulnerability report.
- The security dashboard.
artifacts:reports:dast
(ULTIMATE)
The dast
report collects DAST vulnerabilities. The collected DAST
report uploads to GitLab as an artifact.
GitLab can display the results of one or more reports in:
- The merge request security widget.
- The pipeline Security tab.
- The Project Vulnerability report.
- The security dashboard.
artifacts:reports:dependency_scanning
(ULTIMATE)
The dependency_scanning
report collects Dependency Scanning vulnerabilities.
The collected Dependency Scanning report uploads to GitLab as an artifact.
GitLab can display the results of one or more reports in:
- The merge request dependency scanning widget.
- The pipeline Security tab.
- The security dashboard.
- The Project Vulnerability report.
- The dependency list.
artifacts:reports:dotenv
Introduced in GitLab 12.9.
The dotenv
report collects a set of environment variables as artifacts.
The collected variables are registered as runtime-created variables of the job, which you can use to set dynamic environment URLs after a job finishes.
If duplicate environment variables are present in a dotenv
report:
- In GitLab 14.6 and later, the last one specified is used.
- In GitLab 14.5 and earlier, an error occurs.
The exceptions to the original dotenv rules are:
- The variable key can contain only letters, digits, and underscores (
_
). - The maximum size of the
.env
file is 5 KB. This limit can be changed on self-managed instances. - On GitLab.com, the maximum number of inherited variables
is 50 for Free, 100 for Premium and 150 for Ultimate. The default for
self-managed instances is 150, and can be changed by changing the
dotenv_variables
application limit. - Variable substitution in the
.env
file is not supported. - The
.env
file can't have empty lines or comments (starting with#
). - Key values in the
env
file cannot have spaces or newline characters (\n
), including when using single or double quotes. - Quote escaping during parsing (
key = 'value'
->{key: "value"}
) is not supported.
artifacts:reports:junit
The junit
report collects JUnit report format XML files.
The collected Unit test reports upload to GitLab as an artifact. Although JUnit was originally developed in Java, there
are many third-party ports for other languages such as JavaScript, Python, and Ruby.
See Unit test reports for more details and examples. Below is an example of collecting a JUnit report format XML file from Ruby's RSpec test tool:
rspec:
stage: test
script:
- bundle install
- rspec --format RspecJunitFormatter --out rspec.xml
artifacts:
reports:
junit: rspec.xml
GitLab can display the results of one or more reports in:
- The merge request code quality widget.
- The full report.
Some JUnit tools export to multiple XML files. You can specify multiple test report paths in a single job to concatenate them into a single file. Use either:
- A filename pattern (
junit: rspec-*.xml
). - an array of filenames (
junit: [rspec-1.xml, rspec-2.xml, rspec-3.xml]
). - A Combination of both (
junit: [rspec.xml, test-results/TEST-*.xml]
).
artifacts:reports:license_scanning
(ULTIMATE)
Introduced in GitLab 12.8.
The License Compliance report collects Licenses. The License Compliance report uploads to GitLab as an artifact.
GitLab can display the results of one or more reports in:
- The merge request license compliance widget.
- The license list.
artifacts:reports:load_performance
(PREMIUM)
- Introduced in GitLab 13.2.
- Requires GitLab Runner 11.5 and above.
The load_performance
report collects Load Performance Testing metrics.
The report is uploaded to GitLab as an artifact.
GitLab can display the results of only one report in the merge request load testing widget.
GitLab cannot display the combined results of multiple load_performance
reports.
artifacts:reports:metrics
(PREMIUM)
The metrics
report collects Metrics. The collected Metrics report uploads to GitLab as an
artifact.
GitLab can display the results of one or more reports in the merge request metrics reports widget.
artifacts:reports:requirements
(ULTIMATE)
- Introduced in GitLab 13.1.
The requirements
report collects requirements.json
files. The collected Requirements report uploads to GitLab as an
artifact and existing requirements are marked as Satisfied.
GitLab can display the results of one or more reports in the project requirements.
artifacts:reports:sast
- Moved from GitLab Ultimate to GitLab Free in 13.3.
The sast
report collects SAST vulnerabilities. The collected SAST
report uploads to GitLab as an artifact.
GitLab can display the results of one or more reports in:
- The merge request SAST widget.
- The security dashboard.
artifacts:reports:secret_detection
- Introduced in GitLab 13.1.
- Moved to GitLab Free in 13.3.
- Requires GitLab Runner 11.5 and above.
The secret-detection
report collects detected secrets.
The collected Secret Detection report is uploaded to GitLab.
GitLab can display the results of one or more reports in:
- The merge request secret scanning widget.
- The pipeline Security tab.
- The security dashboard.
artifacts:reports:terraform
- Introduced in GitLab 13.0.
- Requires GitLab Runner 11.5 and above.
The terraform
report obtains a Terraform tfplan.json
file. JQ processing required to remove credentials.
The collected Terraform plan report uploads to GitLab as an artifact.
GitLab can display the results of one or more reports in the merge request terraform widget.
For more information, see Output terraform plan
information into a merge request.