Skip to content

[Frontend] Vulnerability details page - use mergeRequestLinks instead of mergeRequestFeedback

On the vulnerability details page, vulnerability.mergeRequestFeedback is used in 2 places:

  1. To show the merge request note in the footer.
  2. To determine if the "Create MR" button should show in the header, and to redirect to the MR after it's created.

As part of the vulnerability feedback deprecation, we should use vulnerability.mergeRequestLinks instead.

Verification Steps

  1. Clone this project: https://gitlab.com/svedova/test-remediations-v2 into this group: https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects
  2. Run a pipeline against the main branch of the project, then go to the vulnerability report. There should be 2 vulnerabilities.
  3. We need to first test the feature flag off behavior. Click on the first vulnerability to go to the details page, then click the Resolve with merge request button on the upper right. You should be redirected to the merge request.
  4. Click the browser's back button to go back to the vuln details page, then refresh the page.
  5. Follow this video to verify that the old mergeRequestFeedback property is being used:

Part_1

  1. Now we need to enable the feature flag. Go to the #production Slack channel and run the following chatops command, replacing the project path with the one you created:
/chatops run feature set deprecate_vulnerabilities_feedback true --project=<path/to/project>\
  1. Re-run steps 3-5, but for the 2nd vulnerability in the vulnerability report. Then follow this video to verify that mergeRequestLinks is being used:

Part_2

Edited by Daniel Tian