Use state_transitions on pipeline security list
What does this MR do and why?
As part of the vulnerability feedback deprecation, we are switching from using the dismissal_feedback property in the finding to the state_transitions property. This MR does the switch for the finding list in the pipeline security tab. The property is used to control whether the dismissal label and the dismissal comment icon (if there's a comment) is shown, and whether the action buttons on the right shows a dismissal or revert button:
| Old property | New property | Dismissed label | Dismiss/revert button |
|---|---|---|---|
 |
 |
 |
 |
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- This is behind the feature flag
deprecate_vulnerabilities_feedback, but don't enable it yet. - Clone https://gitlab.com/svedova/test-remediations-v2 and run a pipeline against the main branch.
- Go to the pipeline's security tab. You should see 2 vulnerabilities.
- This is where it gets a bit tricky. Both the old and new properties are in the finding and they mirror each other, so doing something to one will also update the other. This means that the code could be using the wrong property but still work. The best way I can think of to verify that the correct property is being used, is to manually modify the property and see if the UI responds:
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #390073 (closed)
Edited by Daniel Tian