Allow reverting a vulnerability back to detected state
Problem to solve
Today I set a vulnerability as Dismissed because the advisory led me to believe it was a false positive. After digging for more information I noticed that in fact it was not a false positive and it was the proposed "solution" that didn't have enough information. At this point, I would have liked to revert the finding back to Detected. I set it as Confirmed because it seemed like a better option than a False-False-Positive, but in reality I haven't had the time to validate it yet and explore how this bug might affect us.
Intended users
User experience goal
It allows rolling back something that was done based on wrong information, or simply correcting a user mistake.
Proposal
Add Detected as one of the statuses we can set in this combo box
Further details
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references
Implementation plan
- backend Create new service that will revert Vulnerability to detected state (and that will remove all dismissal feedback for related finding and create a system note),
- backend Add API (/vulnerabilities/:id/revert) (first iteration) and GraphQL API (second iteration) to execute that service,
- frontend Present information about when and where given vulnerability was detected (https://gitlab.com/gitlab-org/gitlab/blob/b4c262e1a076128770a3b33c380b91bc633abdc5/ee/app/assets/javascripts/vulnerabilities/components/footer.vue#L212): Already tracked in #222346 (closed)
- frontend Extend VULNERABILITY_STATE_OBJECTS (https://gitlab.com/gitlab-org/gitlab/blob/ff7a18920a6492bc73bcf2d5ce649443744bed61/ee/app/assets/javascripts/vulnerabilities/constants.js#L23) with options for reverting Vulnerability to detected state
Edited by Alan (Maciej) Paruszewski
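The revert service described in the implementation plan, sketched on an in-memory model as an added example that is not part of the issue and is not GitLab's code. The struct, class name, set of revertible states and note wording are all assumptions made for illustration.

```ruby
# Added illustration on an in-memory model. Every name here is hypothetical.
Vulnerability = Struct.new(:id, :state, :dismissal_feedback, :notes)

class RevertToDetectedService
  # Assumption: only triaged states named in the issue can be reverted.
  REVERTIBLE = %w[dismissed confirmed].freeze

  def initialize(vulnerability, user)
    @vulnerability = vulnerability
    @user = user
  end

  # Returns true when the state changed, false when there was nothing to revert.
  def execute
    previous = @vulnerability.state
    return false unless REVERTIBLE.include?(previous)

    @vulnerability.state = 'detected'
    # Remove dismissal feedback so the related finding is no longer
    # treated as dismissed anywhere that reads the feedback directly.
    @vulnerability.dismissal_feedback.clear
    # System note: an audit trail of who undid the earlier triage decision
    # and which state it replaced.
    @vulnerability.notes << "#{@user} reverted vulnerability from #{previous} to detected"
    true
  end
end

# Constructed sample record: a finding dismissed on the strength of an advisory.
def constructed_dismissed_vulnerability
  Vulnerability.new(1, 'dismissed', ['false positive per advisory'], [])
end
```

Returning false for an already-detected record keeps a repeated call from writing a second, misleading system note.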