Skip to content

Add a setting for toggling auto-fix feature

What does this MR do?

This adds a Suggested Solutions section in Security & Compliance > Configuration. This new section contains a checkbox to enable or disable the auto-fix feature that will automatically create a remediation MR whenever a fix is available for a Container Scanning or Dependency Scanning vulnerability.

In a future iteration, there will be a checkbox for each auto-fixable scan type to allow for more granular preferences. In this initial iteration, we provide a single checkbox that toggles the setting for all scan types at a time, but we implemented the feature with the future iterations in mind, hence some temporary workarounds in the code that will soon be refactored.

How to test this?

  • Enable the :security_auto_fix feature flag:
> echo "Feature.enable(:security_auto_fix)" | spring rails c
  • Optionally, mock the ajax request by adding a few lines in ee/app/assets/javascripts/security_configuration/components/auto_fix_settings.vue:
diff --git a/ee/app/assets/javascripts/security_configuration/components/auto_fix_settings.vue b/ee/app/assets/javascripts/security_configuration/components/auto_fix_settings.vue
index 7904a41c659..137ffbad157 100644
--- a/ee/app/assets/javascripts/security_configuration/components/auto_fix_settings.vue
+++ b/ee/app/assets/javascripts/security_configuration/components/auto_fix_settings.vue
@@ -6,6 +6,10 @@ import { __ } from '~/locale';
 import createFlash from '~/flash';
 import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
 
+import AxiosMockAdapter from 'axios-mock-adapter';
+const axiosMock = new AxiosMockAdapter(axios, { delayResponse: 1000 });
+axiosMock.onPost('auto_fix').reply(200)
+
 export default {
   components: {
     GlIcon,
  • Browse to /:namespace/:project/-/security/configuration.

Screenshots

Auto-fix enabled (by default) Auto-fix disabled
image image

toggle_auto_fix_v2

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Edited by Paul Gascou-Vaillancourt

Merge request reports

Loading