Limit the number of identifiers associated with a finding
Currently, there is no limit on how many identifiers a finding can have.
If a finding has hundreds of identifiers, serializing them into one CSV column will make it harder to navigate for the end-user. It could also potentially break the UI as we don't test findings with more than a few associations.
This was feedback from the maintainer here: !43179 (comment 418720058)
Implementation Plan
- documentation Document in https://gitlab.com/gitlab-org/gitlab/blob/master/doc/development/integrations/secure.md#L354 that you cannot have more than 20 identifiers in a security report and that only the first 20 identifiers will be saved into the finding.
- backend In StoreReportService (https://gitlab.com/gitlab-org/gitlab/blob/417ccb03d9b72022af1539541d5b408cb78d55c0/ee/app/services/security/store_report_service.rb#L57) limit saved identifiers to max 20 (set and use the constant in the Vulnerabilities::FindingIdentifier model)
Edited by Alan (Maciej) Paruszewski
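
A sketch of the cap described in the implementation plan, added here as an illustration and not taken from the GitLab code base. The constant name `MAX_NUMBER_OF_IDENTIFIERS`, the helper names and the hash-based report shape are assumptions; the sample findings are constructed.

```ruby
# Hypothetical stand-in for the constant the plan places on
# Vulnerabilities::FindingIdentifier; the name is an assumption.
MAX_NUMBER_OF_IDENTIFIERS = 20

# Caps the identifiers of every finding in a parsed report.
# Returns [capped_findings, warnings]; the input hashes are not mutated.
def cap_identifiers(findings, limit: MAX_NUMBER_OF_IDENTIFIERS)
  warnings = []
  capped = findings.map do |finding|
    ids = finding.fetch(:identifiers, [])
    if ids.size > limit
      # Record the truncation so an oversized report is visible, not silent.
      warnings << "#{finding[:name]}: kept #{limit} of #{ids.size} identifiers"
    end
    # first(limit) preserves report order, so the leading identifiers survive.
    finding.merge(identifiers: ids.first(limit))
  end
  [capped, warnings]
end

# Joins a finding's identifiers into the single column used for export.
def identifiers_column(finding)
  finding[:identifiers].map { |i| i[:name] }.join('; ')
end

# Constructed sample report: one oversized finding, one normal finding.
SAMPLE_FINDINGS = [
  { name: 'finding-a',
    identifiers: (1..150).map { |n| { type: 'example', name: "EXAMPLE-#{n}" } } },
  { name: 'finding-b',
    identifiers: [{ type: 'example', name: 'EXAMPLE-X' }] }
].freeze

if __FILE__ == $PROGRAM_NAME
  capped, warnings = cap_identifiers(SAMPLE_FINDINGS)
  warnings.each { |w| puts "WARN #{w}" }
  capped.each { |f| puts "#{f[:name]},\"#{identifiers_column(f)}\"" }
end
```

Collecting a warning per truncated finding gives the report producer a signal that identifiers were dropped, which the plan's documentation change otherwise leaves to the reader.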