Add a setting for toggling auto-fix feature
- Related issue: #215682 (closed)
What does this MR do?
This adds a Suggested Solutions section in Security & Compliance > Configuration. This new section contains a checkbox to enable or disable the auto-fix feature that will automatically create a remediation MR whenever a fix is available for a Container Scanning or Dependency Scanning vulnerability.
In a future iteration, there will be a checkbox for each auto-fixable scan type to allow for more granular preferences. In this initial iteration, we provide a single checkbox that toggles the setting for all scan types at a time, but we implemented the feature with the future iterations in mind, hence some temporary workarounds in the code that will soon be refactored.
How to test this?
- Enable the :security_auto_fix feature flag:
> echo "Feature.enable(:security_auto_fix)" | spring rails c
- Optionally, mock the ajax request by adding a few lines in ee/app/assets/javascripts/security_configuration/components/auto_fix_settings.vue:
diff --git a/ee/app/assets/javascripts/security_configuration/components/auto_fix_settings.vue b/ee/app/assets/javascripts/security_configuration/components/auto_fix_settings.vue
index 7904a41c659..137ffbad157 100644
--- a/ee/app/assets/javascripts/security_configuration/components/auto_fix_settings.vue
+++ b/ee/app/assets/javascripts/security_configuration/components/auto_fix_settings.vue
@@ -6,6 +6,10 @@ import { __ } from '~/locale';
import createFlash from '~/flash';
import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
+import AxiosMockAdapter from 'axios-mock-adapter';
+const axiosMock = new AxiosMockAdapter(axios, { delayResponse: 1000 });
+axiosMock.onPost('auto_fix').reply(200)
+
export default {
components: {
GlIcon,
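Review bot: The mock on the added line `const axiosMock = new AxiosMockAdapter(axios, { delayResponse: 1000 });` is installed at module scope on the `axios` instance passed to it, so while this component is loaded, any other request through that instance that has no handler gets axios-mock-adapter's default 404. If the rest of the page still needs real responses during manual testing, construct the adapter with `onNoMatch: 'passthrough'` or add `axiosMock.onAny().passThrough()` after the `onPost` handler. The handler `axiosMock.onPost('auto_fix').reply(200)` only exercises the success path; repeating the check with `.reply(500)` would also cover the failure handling. That line is also missing its trailing semicolon, unlike the surrounding statements. Since this snippet is for local testing only, make sure it is reverted before pushing so the mock never ships with the settings component.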
- Browse to /:namespace/:project/-/security/configuration.
Screenshots
Auto-fix enabled (by default) | Auto-fix disabled |
---|---|
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry - not needed as the changes are behind a feature flag
- [-] Documentation (if required)
- Code review guidelines
- [-] Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Edited by Paul Gascou-Vaillancourt