Notify user when a vulnerability is resolved
Problem to solve
When a vulnerability is fixed ("resolved", i.e. removed from the default branch) in a user's project, there is no way of notifying them in the vulnerability list and within the vulnerability page.
Intended users
Further details
We will need to provide some indication in the UI that a vulnerability has been fixed/removed from the default branch. This presents a problem that as someone using the vulnerability list, I have no idea which vulnerabilities have been addressed and which ones are still pending mitigation.
Proposal
When the system no longer detects a finding that was associated with a vulnerability in the default branch, provide the user with some type of visual indication that this has happened. This can be in either or both of the vulnerability list and the vulnerability page.
Design
Vulnerability list updates
Change:
We are aligning the icons & badges with the vulnerability title to improve the overflow experience on the group and instance dashboard. These elements will not be right-aligned as decided previously.
List with remediation badge | hover-state on_vuln | hover-state on badge |
---|---|---|
Group and instance level list
Group and instance-level dashboard |
---|
Badge detail
Hoverstate details |
---|
Note: "Solution available" does not exist ATM but it is good to account for it here. |
Vulnerability page updates
vuln page with alert |
---|
Alert details
Permissions and Security
It should only be accessible if the vulnerability itself could be viewed.
Documentation
Update relevant screenshots of the product to show these messages properly.
Testing
Test for both the success & error case. Ensure that the error message is appropriate for all cases or is specific to the error itself. Ensure messaging throughout the experience is clear.
What is the type of buyer?
Links / references
Implementation checklist
- backend Add computed attribute to Vulnerability model exposing whether all findings have been resolved
- frontend Split into two issues: #207182 (closed) (standalone vuln page) & #207183 (closed) (vuln list page)