Add "Submit Vulnerability" button to Vulnerability Reports page
Why are we doing this work
Today, all vulnerability objects are created as a result of detections by our Secure scanners or that of an integrated 3rd-party scanner. However, this limits Vulnerability Management to only those vulnerabilities picked up by currently supported tools. To truly make our Vulnerability Management solution suitable for general-purpose use across an organization's entire SDLC (and possibly beyond), we need to provide users with the ability to manually create vulnerability objects.
Relevant design issues:
| Add button | #204818[b01_project-dashboard_all-cases.png] |
| Popover tooltip | #204818[z01_new-feature-intro.png] |
![#204818[b01_project-dashboard_all-cases.png]](https://gitlab.com/gitlab-org/gitlab/-/issues/204818/designs/b01_project-dashboard_all-cases.png){kind=link}
![#204818[z01_new-feature-intro.png]](https://gitlab.com/gitlab-org/gitlab/-/issues/204818/designs/z01_new-feature-intro.png){kind=link}
Context
Once #301003 (closed) is complete or at least ready to be used, we'll need to make it linkable from the Vulnerability Reports page. This issue is about adding that button.
- When the user hovers on the button, make sure to display an intro message like designed here: #204818[z01_new-feature-intro.png]
Relevant links
- Design Issue
-
Desired outcome - mock (See the
+ Findingon top right - this text has been changed in the associated design discussion from+ FindingtoSubmit Vulnerability, designs were updates were agreed to be unnecessary).
Implementation plan
-
This work should be done behind a feature flag. The feature flag does not exist yet. -
Add the Submit Vulnerabilitybutton to the vulnerability reports page -
As per #301005 (comment 678272223), wait till #333624 (closed) is completed in order to proceed with this issue. Adding the link is fairly simple so we'll do it at last when we know that "Add Manual Vulnerability" page is working properly.
Edited by Savas Vedova