Add commit link that removed vulnerability
Problem to solve
Today, we indicate when a vulnerability is no longer detected. However, we do not provide users a way to see when or where the vulnerability was removed/resolved. This makes it very difficult to find the specific commit associated with the vulnerability's removal. Security teams want to know this information so they can easily verify if the vulnerability was truly fixed or need further remediation action before they mark the vulnerability as Resolved
.
Solution
Provide a link to the commit that caused the vulnerability to be marked as no longer detected
. Show this link in the activity timeline. The commit can be used to easily find the source pipeline/MR associated with the change if this information is needed.
Edited by Becka Lippert