Create `Vulnerability` when interacting with a `Security::Finding` (part 1)
Why are we doing this work?
After #324857 (closed) is merged, we should make sure to create a new Vulnerability when a user interacts with an unpersisted Finding (i.e. goes to the MR Security widget, clicks on a found Vulnerability and takes an action on it).
Implementation plan
- backend Update service classes `ee/app/services/vulnerabilities/{resolve,dismiss,revert_to_detected,confirm}_service.rb` to work on Vulnerabilities
- backend Add state transition entry for each service
The following point is moved to #368311 (closed)
- backend Modify `Projects::VulnerabilityFeedbackController` to create `Vulnerability` on the fly for a given Finding and use the updated service classes to change its state
  - This will not create a new feedback object, but only create a vulnerability.
  - We will need to set the `present_on_default_branch` to false for these new vulnerabilities
Possible follow up items
- Currently our flow for creating issues is different when creating an Issue for a Vulnerability and when creating an Issue for a Vulnerabilities::Finding. The former takes you to the `Create issue` view with the Issue details populated so you can edit it before saving. The latter directly creates the issue without giving the user an opportunity to edit the issue.
Testing
- Since this is a significant backend refactor, check if existing E2E tests are broken by running `Package and QA` and checking `Secure` results just before maintainer review
Verification steps
- Create a new project under https://gitlab.com/gitlab-org/secure/tests
- Enable feature flag for that project. As we removed the FF dependency from these services
- Go to pipeline security tab/vulnerability report page
- Do the interactions (resolve, dismiss, revert_to_detected, confirm) with finding/vulnerability
- Make sure nothing is broken and we are creating feedback entries in db for these interactions
- Also check whether we are creating state transition entries for each of the interactions in db
Edited by Subashis Chakraborty