Resolve this Vulnerability - Resolve with Merge Request button MVC
Why are we doing this work
Resolve this Vulnerability is triggered by the user clicking a Cre
As an MVC, we are following the existing "Resolve with merge request" workflow that is available for dependency and container scanning vulnerabilities that include a patch:
https://docs.gitlab.com/ee/user/application_security/vulnerabilities/#resolve-a-vulnerability
To keep things simple, we will add a new "resolve" button rather than adding a new menu option to the existing one (the buttons will be mutually exclusive due to scanner types). The new button should be available only for SAST vulnerabilities and when the resolve feature flag is enabled.
- Button: Resolve with merge request
- Menu item: Automatically apply the AI patch in a new branch
Resolve This Vulnerability - Service classes to... (#426575 - closed) exposed a new GraphQL mutation that will create an MR and return its URL. Clicking this menu item should run the mutation and redirect the user to the MR.
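The click flow described above, sketched as an added example (not GitLab's code): the button is gated on scanner type and feature flag, and the URL returned by the mutation is checked against the application's own origin before the same-window redirect. Only `resolveVulnerability`, SAST and `resolve_vulnerability_ai` come from this page; the function names, the `reportType` field, the `{ mergeRequestUrl, errors }` response shape and the `gitlab.example.com` origin are assumptions.

```javascript
// Hypothetical names and response shape; the sample values used with these
// functions are constructed for illustration.
const RESOLVE_FLAG = 'resolve_vulnerability_ai';

// The button is offered only for SAST findings and only while the flag is on.
function showResolveButton(vulnerability, featureFlags) {
  return vulnerability.reportType === 'SAST' && featureFlags[RESOLVE_FLAG] === true;
}

// Accept the URL from the mutation response only if it is http(s) on the
// application's own origin; other schemes and other hosts are rejected.
function safeRedirectTarget(rawUrl, appOrigin) {
  if (typeof rawUrl !== 'string' || rawUrl === '') return null;
  let url;
  try {
    url = new URL(rawUrl, appOrigin); // relative paths resolve against the app origin
  } catch (e) {
    return null;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  return url.origin === new URL(appOrigin).origin ? url.href : null;
}

// Click handler with injected dependencies so it can run outside a browser.
// runMutation: async (vulnerabilityId) => ({ mergeRequestUrl, errors }) (assumed shape)
async function onResolveClick({ vulnerability, runMutation, navigate, setLoading, appOrigin }) {
  setLoading(true);
  try {
    const result = await runMutation(vulnerability.id);
    const errors = result.errors || [];
    if (errors.length > 0) throw new Error(errors.join('; '));
    const target = safeRedirectTarget(result.mergeRequestUrl, appOrigin);
    if (target === null) throw new Error('Unexpected merge request URL in response');
    navigate(target); // same window, as the plan specifies
    return target;
  } finally {
    setLoading(false); // clear the loading state on success and on failure
  }
}
```

In a browser, `navigate` would be something like `(url) => window.location.assign(url)` and `appOrigin` would be `window.location.origin`.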
Relevant links
Non-functional requirements
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
Requirements
- Reuse FF resolve_vulnerability_ai
> #430963 (closed) - Display the "Resolve with merge request" that makes a mutation request to the resolveVulnerability > !133123 (merged)
- Once the response returns the link to the MR, we will redirect the user to the MR creation page
A link opens the destination in the same window by default.
- The "Resolve with merge request" button will appear for the SAST vulnerability type (reference)
- There will be 2 types of buttons:
- A. button-only:
- B. split-menu-button: append to the existing split-menu-button if it exists
A. Button | B. Split Menu Button |
---|---|
Note: follow up with @abellucci on order of option |
Iterative steps
Issue |
---|
Scenario A: Implement UI-only |
Scenario A: Implement loading status when clicked and redirect to test UX |
Scenario A: Connect button to GraphQL and make mutation |
Scenario B: Implement UI with loading and redirect |
Scenario B: Connect button to GraphQL and make mutation |