Update SAST auto-resolution comment to include link with more context
What does this MR do and why?
This merge request updates the vulnerability auto-resolution comment to include a documentation link with more context.
Please note: I disabled the `GitLab/DocUrl` rubocop for this method because the comment is saved as a System Note (see screenshots below), and therefore HTML tags (e.g. `<a href=""></a>`) are escaped and not displayed. I don't mind using the `help_page_url` helper in principle, but for the use case here, we want to make sure to refer users to our own documentation and not the documentation on their GitLab instance.
Resolves #417087 (closed).
Screenshots or screen recordings
Before | After (screenshots not reproduced in this text)
How to set up and validate locally
To validate locally, please do the following:
- Create a new project or use an existing one.
- Add some vulnerable code to your project. Check here for some examples.
- Add a `.gitlab-ci.yml` file, and include the SAST CI template.
- Run a new pipeline after all code changes above are done. Some vulnerabilities should show up in the Vulnerability Report.
- Disable one of the predefined rules for semgrep by adding a `.gitlab/sast-ruleset.toml` file.
- Make sure the rule you disable matches in `type` and `value` with a vulnerability in the Vulnerability Report (check the identifier column).
- Run a new pipeline after committing the `.gitlab/sast-ruleset.toml` file.
- Validate that the vulnerability was resolved with the correct comment body.
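As an added illustration for the ruleset step above (this file is not part of the MR), a `.gitlab/sast-ruleset.toml` that disables a single predefined semgrep rule; the `value` is a constructed placeholder and must be replaced with the identifier shown in the Vulnerability Report's identifier column, with `type` matching the identifier type shown there:

```toml
# .gitlab/sast-ruleset.toml (added example, not from the MR)
# Disables one predefined semgrep rule. On the next pipeline the analyzer
# stops reporting findings for this rule, and the previously detected
# vulnerability that carries this identifier is auto-resolved with the
# comment this MR changes.
[semgrep]
  [[semgrep.ruleset]]
    disable = true
    [semgrep.ruleset.identifier]
      # Must match the identifier type and value of an existing finding
      # in the Vulnerability Report; "REPLACE-WITH-RULE-ID" is a placeholder.
      type = "semgrep_id"
      value = "REPLACE-WITH-RULE-ID"
```

If `type` or `value` does not match an existing finding exactly, nothing is resolved and no comment is written, which is the first thing to check when the expected System Note does not appear.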
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.