Skip to content

fix: Scope MarkDroppedAsResolved worker to scan_type

What does this MR do and why?

By scoping dropped_identifier identification by scan_type we avoid resolving vulnerability types which do not match the given report type.

Previously vulnerabilities_resolved_on_default_branch would target all resolved vulnerabilities and compare it against the subset of identifiers returned by reports providing scan.primary_identifiers.

This essentially meant the presence of any (currently only provided by SAST) could result in resolving untriaged, detected vulnerabilities across all scan_types

Change is currently behind a feature flag so no changelog entry needed

See latest comment from testing: #375128 (comment 1211526648)

Relates to #368284 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Lucas Charles

Merge request reports

Loading