Make sure resolved Vulnerabilities that show up in subsequent scans are marked as detected
Why are we doing this work
When working on Improve Vulnerability Page details (!86736 - merged) it came to our attention that if a Vulnerability is marked as resolved AND shows up in the same place in a subsequent scan (i.e. it is reintroduced in the same location), we do not update its status.
How does it work currently?
If a Vulnerability is resolved and is found again in a subsequent scan ⟶ state remains unchanged (still resolved) and resolved_on_default_branch is set to false
How do we want it to work?
If a Vulnerability is resolved and is found again in a subsequent scan ⟶ state is set to :detected and resolved_on_default_branch is set to false
Implementation plan
- backend: Update `Security::Ingestion::Tasks::IngestVulnerabilities::Update` (`ee/app/services/security/ingestion/tasks/ingest_vulnerabilities/update.rb`) to change the Vulnerability state to `:detected` if it was `:resolved`