Support markdown in solution field for vulnerability finding modal
Summary
The vulnerability finding modal does not support markdown in the solution field yet (see screenshot). However, this is available on the vulnerability detail page's footer.
The VulnerabilityFindingModal uses the SolutionCardGraphl.vue, while the details page uses the SolutionCard.vue component. That last one supports markdown format.
Implementation details
- Update graphql query security_report_finding.query.graphql to include
solutionHtml
- Pass
solutionHtml
tosolution-card
- Use
renderGFM()
insolution_card_graphql.vue
and v-safe-html directive - Update spec accordingly
- Add markdown field
solution_html
to pipeline_security_report_finding_type.rb with a resolver that convertssolution
tosolution_html
. - Update spec accordingly
Verification steps
- Go to https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/verify-452483/-/pipelines/1303958639/security
- Open the critical finding
- Verify it renders GitLab flavored Markdown, i.e. it renders the mermaid chart in the solution field. The solution label and bulb icon are also aligned to the top of the GlCard, where previously this would have been aligned vertical central.
Edited by Lorenz van Herwaarden