Notify user when a vulnerability is resolved on new standalone vulnerability page

Problem to solve

When a vulnerability is fixed ("resolved", i.e. removed from the default branch) in a user's project, there is no way of notifying them in the vulnerability list or on the vulnerability page.

Intended users

  • Sidney (Systems Administrator)
  • Sam (Security Analyst)

Further details

We will need to provide some indication in the UI of the standalone vulnerability page that a vulnerability has been fixed/removed from the default branch. Without such an indication, as someone using the vulnerability list, I have no idea which vulnerabilities have been addressed and which ones are still pending mitigation.

Proposal

When the system no longer detects, in the default branch, a finding that was associated with a vulnerability, provide the user with some type of visual indication that this has happened. This can be in the vulnerability list, the vulnerability page, or both.

Design

Vulnerability page updates

See feature issue: #35860 (closed)

Alert details

See feature issue: #35860 (closed)

Permissions and Security

The notification should only be accessible if the vulnerability itself can be viewed.

Documentation

Update relevant screenshots of the product to show these messages properly.

Testing

Test both the success and error cases. Ensure that the error message is either appropriate for all cases or specific to the error itself. Ensure messaging throughout the experience is clear.

What is the type of buyer?

GitLab Ultimate

Links / references

  • System notes to notify users instead
  • Standalone vulnerability

Implementation checklist

  • backend: See #35860 (closed)
  • frontend: Display notification when a vulnerability has all findings resolved but is still in a detected state
Edited Feb 26, 2020 by Lindsay Kerr