Ensure "MR feedback" (creating an MR from a remediation) works as expected on new Standalone Vulnerabilities page
Problem to solve
Vulnerabilities can have solutions. In certain scenarios, customers can fix vulnerabilities by applying the solution that GitLab automatically generates.
On our new Standalone Vulnerabilities page, it is unclear whether this functionality is supported for vulnerabilities in scope for this automated remediation flow.
Intended users
Further details
Use cases for vulnerabilities that have the ability to be resolved via Merge Request:
IF nothing has been created from the vulnerability THEN the user can:
- Create issue
- Resolve with Merge Request
- Download patch
IF an issue has been created THEN the user can:
- Resolve with Merge Request
- Download patch
IF an MR has been created THEN the user can:
- Create an issue
IF a patch has been downloaded THEN the user can:
- Create issue
- Resolve with Merge Request
- Download patch
IF an issue has been created AND a merge request has been created from this button THEN the user can:
- Do nothing (the button is removed). This mirrors the behavior today.
The download patch action is the only one that is not restricted to a single use; the user can do this as many times as they please. The download patch function is removed when an MR has been created.
Proposal
- Confirm with UX (@andyvolpe) the expected behavior.
- Identify use-cases where the 'Resolve with MR' option should display.
- BE & FE engineer troubleshoot any failing use cases tracked within this issue.
Documentation
What does success look like, and how can we measure that?
We should have feature parity with the current solution component in the security dashboards.