Data model updates to allow linking of Vulnerabilities to Issues
What does this MR do?
This MR adds the association model between Issues and Vulnerabilities (many-to-many relationship). This is done to support the functionality for creating Issues associated with Vulnerabilities, which is part of the backstage implementation for Standalone Vulnerabilities.
The UX idea behind this feature is to provide the linking of Issues and Vulnerabilities similar to the Related Issues functionality for Issues. Vulnerabilities will get the ability to relate Issues to them.
There is one special kind of related Issue for a Vulnerability - an issue that was created directly from a Vulnerability to remediate it. From the primary user flow designs:
Related issues; If a user creates an issue from the vulnerability, it will automatically be added to this section. Additionally, a user may add as many related issues as they desire using the add issue + button in this area.
- Caveat: Only issues added as related manually can be removed from this section. The issue created from the vulnerability cannot be removed.
To support this, the `link_type` column is added to the `vulnerability_issue_links` table. It tells whether this link represents an Issue created from a Vulnerability or one that was manually marked as related to it. There could be more link types later.
This MR is intentionally made small to enable the database review and prevent blocking the review of other MRs containing the actual backstage functionality.
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- [-] Documentation (if required) | This is a backstage issue, documentation for the related functionality is going to be added within #13561 (closed) when the respective frontend is implemented
- Code review guidelines
- [-] Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention @gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
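
The `link_type` rule described in the MR description above, as an added plain-Ruby sketch (not code from this MR or from GitLab): a many-to-many link store where `related` links can be removed and the `created` link cannot. The class, method and constant names, and the one-link-per-pair uniqueness rule, are assumptions made for illustration.

```ruby
# Added illustration; all names here are hypothetical, not GitLab's model code.
class VulnerabilityIssueLinks
  LINK_TYPES = %i[related created].freeze # more link types could be added later
  Link = Struct.new(:vulnerability_id, :issue_id, :link_type)

  class LinkError < StandardError; end

  def initialize
    @links = []
  end

  # Many-to-many: any vulnerability may link to any issue. A given
  # (vulnerability, issue) pair is stored once (assumed uniqueness rule).
  def add(vulnerability_id, issue_id, link_type: :related)
    raise LinkError, "unknown link_type #{link_type}" unless LINK_TYPES.include?(link_type)
    raise LinkError, "issue already linked" if find(vulnerability_id, issue_id)

    link = Link.new(vulnerability_id, issue_id, link_type)
    @links << link
    link
  end

  # Only manually related issues may be unlinked; the issue created from
  # the vulnerability stays attached.
  def remove(vulnerability_id, issue_id)
    link = find(vulnerability_id, issue_id)
    raise LinkError, "no such link" if link.nil?
    raise LinkError, "created link cannot be removed" if link.link_type == :created

    @links.delete(link)
    true
  end

  def issues_for(vulnerability_id)
    @links.select { |l| l.vulnerability_id == vulnerability_id }.map(&:issue_id)
  end

  def vulnerabilities_for(issue_id)
    @links.select { |l| l.issue_id == issue_id }.map(&:vulnerability_id)
  end

  private

  def find(vulnerability_id, issue_id)
    @links.find { |l| l.vulnerability_id == vulnerability_id && l.issue_id == issue_id }
  end
end
```

Enforcing the removal guard where the link is stored, rather than only in the UI, keeps the rule consistent across every path that can delete a link.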