Skip to content

Update vulnerability_read when vulnerability dismissed

What does this MR do and why?

As part of Implement dismissal_reason field on the Vulnerability::Read model, we updated vulnerabilities/dismiss_service.rb to update the existing state transition.

We also updated Vulnerability::Read for pipeline finding as part of this change.

But we also need to update Vulnerability::Read model when we are interacting with finding from pipeline (when vulnerability already exists), specifically in the situation where we are changing the state from a non-dismissed state to dismissed

Screenshots or screen recordings

Before After
before after

How to set up and validate locally

Steps to reproduce

  1. Go to a pipeline security tab: https://gitlab.com/gitlab-examples/security/security-reports/-/pipelines/997006012/security?severity=MEDIUM&reportType=DAST
  2. Click info icon of a non-dismissed finding
  3. Click dismiss vulnerability (add dismissal reason and comment)
  4. Click Confirm Dismissal
  5. If you open the modal of the same finding again, you'll see in the event note it's correctly dismissed with the reason and comment you provided
  6. Go to vulnerability report: https://gitlab.com/gitlab-examples/security/security-reports/-/security/vulnerability_report/?severity=MEDIUM&scanner=GitLab.DAST&state=ALL
  7. Find the same vulnerability you just dismissed
  8. Notice that in the table the status is Dismissed
  9. There should also be a badge for the dismissal reason

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.


EE: true
Changelog: fixed
Related to #424989 (closed)

Edited by Michael Becker

Merge request reports

Loading