Skip to content

Update MR security widget to read from new properties

Daniel Tian requested to merge 390074-fix-mr-security-widget-data into master

What does this MR do and why?

When the vulnerability_feedback_deprecation feature flag is enabled, we can no longer read from the merge_request_feedback, issue_feedback, and dismissal_feedback properties on a security finding, and must switch to merge_request_links, issue_links, and state_transitions. This MR does the switch for the MR security widget:

ksnip_20230328-233723

How to set up and validate locally

  1. Disable the deprecate_vulnerabilities_feedback feature flag.
  2. Clone this project: https://gitlab.com/svedova/test-remediations-v2
  3. Create a MR for the main-patch-b708 branch. A pipeline should automatically for the branch, but if it doesn't, manually run it.
  4. Refresh the MR widget so that the security widget shows 2 results.
  5. Create a MR, create an issue, and dismiss the finding with a comment. All 3 operations should complete successfully. It's best to do these for just one finding so that the other one can be used for the next test.
  6. Repeat the above, but this time with the deprecate_vulnerabilities_feedback feature flag enabled.

Feature flag off

Feature flag on

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #390074 (closed)

Edited by Daniel Tian

Merge request reports

Loading