Create "add manual vulnerability" page
Why are we doing this work
Today, all vulnerability objects are created as a result of detections by our Secure scanners or by an integrated third-party scanner. However, this limits Vulnerability Management to only those vulnerabilities picked up by currently supported tools. To make our Vulnerability Management solution truly suitable for general-purpose use across an organization's entire SDLC (and possibly beyond), we need to give users the ability to create vulnerability objects manually.
Context
This issue is about creating a standalone page which is reachable from the Vulnerability Reports page. Here are a few points to keep in mind while developing this:
- Ideally, we want to create a new endpoint for this so that this form is easily linkable.
- This is a big issue. Consider breaking this up into multiple Merge Requests. Just to give an idea, perhaps consider creating a merge request for each of these sections:
  - Name & Description
  - Details
  - Identifiers
  - Evidence
  - Solution
- When the form is submitted, it should redirect back to the Vulnerability Report page and display a success toaster like designed here: #204818[z04_Confirmation-Toast-in-Vuln-Report.png]
Relevant links
Implementation plan
Here is an example API call: #10272 (comment 651413684)
- Create new page for "add manual vulnerability" feature
- Implement the form in the design except for the Add evidence section and its respective button and field (since that is tracked in #333620)
- Clicking the Submit button should redirect the user to the vulnerability details page
- The Submit button should be enabled at all times. If there are missing required fields when it is clicked, the required fields should be highlighted in red with an error message underneath them, and the page should scroll to the first required field. See this page for an example: https://gitlab.com/groups/new#create-group-pane
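One way to implement the submit-time validation described above, as an added example that is not GitLab's own code: the field list, the section names and the `severity` allowed values are assumptions standing in for whatever the final design specifies. The validator returns the errors keyed by field plus the first invalid field in form order, which is the element the page should scroll to.

```javascript
// Added example (not GitLab's code). Field ids, sections and the severity
// vocabulary are assumptions; the real form's fields come from the design.
const FORM_FIELDS = [
  { id: 'name', section: 'Name & Description', required: true, maxLength: 255 },
  { id: 'description', section: 'Name & Description', required: true },
  { id: 'severity', section: 'Details', required: true,
    allowed: ['critical', 'high', 'medium', 'low', 'info', 'unknown'] },
  { id: 'identifiers', section: 'Identifiers', required: false },
  { id: 'solution', section: 'Solution', required: false },
];

// Validate the form values. Whitespace-only input counts as missing so a
// user cannot bypass a required field with spaces. Returns the errors keyed
// by field id and the first invalid field in form order (scroll target).
function validateManualVulnerabilityForm(values) {
  const errors = {};
  for (const field of FORM_FIELDS) {
    const raw = values[field.id];
    const value = typeof raw === 'string' ? raw.trim() : raw;
    const missing = value === undefined || value === null || value === '';
    if (missing) {
      if (field.required) errors[field.id] = 'This field is required.';
      continue;
    }
    if (field.maxLength && typeof value === 'string' && value.length > field.maxLength) {
      errors[field.id] = `Must be ${field.maxLength} characters or fewer.`;
    } else if (field.allowed && !field.allowed.includes(value)) {
      errors[field.id] = `Must be one of: ${field.allowed.join(', ')}.`;
    }
  }
  const firstInvalidField = FORM_FIELDS.map((f) => f.id).find((id) => id in errors) ?? null;
  return { valid: firstInvalidField === null, errors, firstInvalidField };
}

// Submit handler: the button is never disabled; on invalid input the fields
// are marked and the page scrolls to the first one. `root` is the DOM root
// (omitted when running outside a browser, e.g. in tests).
function onSubmitManualVulnerability(values, root) {
  const result = validateManualVulnerabilityForm(values);
  if (result.valid || !root) return result;
  for (const [id, message] of Object.entries(result.errors)) {
    const el = root.querySelector(`#${id}`);
    if (!el) continue;
    el.classList.add('is-invalid'); // red highlight
    const hint = root.querySelector(`#${id}-error`);
    if (hint) hint.textContent = message; // error message underneath
  }
  root.querySelector(`#${result.firstInvalidField}`)?.scrollIntoView({ block: 'start' });
  return result;
}
```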
NOTE: This feature will be inaccessible until #301005 (closed) is complete. Because we cannot create docs that are inaccessible until the feature is done, do not add documentation for this issue.