
fix: Scope MarkDroppedAsResolved worker to scan_type

What does this MR do and why?

By scoping dropped_identifier identification by scan_type we avoid resolving vulnerability types which do not match the given report type.

Previously vulnerabilities_resolved_on_default_branch would target all resolved vulnerabilities and compare them against the subset of identifiers returned by reports providing scan.primary_identifiers.

This essentially meant the presence of any such identifiers (currently only provided by SAST) could result in resolving untriaged, detected vulnerabilities across all scan_types.

Change is currently behind a feature flag, so no changelog entry is needed.

See latest comment from testing: #375128 (comment 1211526648)

Relates to #368284 (closed)
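The unscoped-versus-scoped selection described above, as an added plain-Ruby model that is not GitLab's own worker code; the Vuln struct, the sample data and the rule "an identifier absent from the report's primary_identifiers counts as dropped" are constructed assumptions for illustration only.

```ruby
# Added illustration (not GitLab's code): a minimal model of the bug this MR
# fixes. All names and sample values below are constructed for the example.
Vuln = Struct.new(:id, :scan_type, :identifier, :state)

# Constructed sample: detected, untriaged vulnerabilities from several scanners.
VULNS = [
  Vuln.new(1, :sast, 'CWE-79', :detected),
  Vuln.new(2, :sast, 'CWE-89', :detected),
  Vuln.new(3, :dependency_scanning, 'CVE-EXAMPLE-1', :detected),
  Vuln.new(4, :secret_detection, 'EXAMPLE-TOKEN', :detected)
].freeze

# Before the fix: the worker only knew the identifiers still present in the
# latest report (only SAST reports supplied scan.primary_identifiers) and
# treated every vulnerability whose identifier was absent as dropped,
# regardless of which scanner had found it.
def dropped_unscoped(vulns, primary_identifiers)
  vulns
    .reject { |v| primary_identifiers.include?(v.identifier) }
    .map(&:id)
end

# After the fix: only vulnerabilities with the report's own scan_type are
# candidates, so a SAST report cannot resolve dependency scanning or
# secret detection findings.
def dropped_scoped(vulns, scan_type, primary_identifiers)
  vulns
    .select { |v| v.scan_type == scan_type }
    .reject { |v| primary_identifiers.include?(v.identifier) }
    .map(&:id)
end

# Constructed SAST report in which only CWE-79 is still reported.
SAST_PRIMARY_IDENTIFIERS = ['CWE-79'].freeze

if $PROGRAM_NAME == __FILE__
  p dropped_unscoped(VULNS, SAST_PRIMARY_IDENTIFIERS)        # [2, 3, 4]
  p dropped_scoped(VULNS, :sast, SAST_PRIMARY_IDENTIFIERS)   # [2]
end
```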

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Lucas Charles
