Switch to state_transitions property for security finding modal
What does this MR do and why?
As part of the vulnerability feedback deprecation, we are switching from using the dismissal_feedback
property in the finding to the state_transitions
property. This MR does the switch for the finding modal, which is used on both the pipeline security tab and the MR security widget. The state_transitions
property is used to show the dismissal note if the finding is dismissed, and whether the button in the footer shows "Dismiss vulnerability" or "Undo dismissal":
How to set up and validate locally
- This is behind the feature flag
deprecate_vulnerabilities_feedback
, but don't enable it yet. - Clone https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/test-remediations-for-issue-390071 and create a MR for the
remediate/test-vulnerability-1-D20230315T014155
branch. A pipeline should automatically run after the MR is created. - Go to the pipeline's security tab. You should see 2 vulnerabilities.
- This is where it gets a bit tricky. Both the old and new properties are in the finding and they mirror each other, so doing something to one will also update the other. This means that the code could be using the wrong property but still work. The best way I can think of to verify that the correct property is being used, is to manually modify the property and see if the UI responds:
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #390073 (closed)
Edited by Daniel Tian