Skip to content

Always show create-jira-issue button on MR-widget modal and pipeline listing when setting is enabled

What does this MR do?

It resolves a bug that prevents the "Creat Jira Issue" button on both the MR-widget and pipeline-security vulnerability listing to appear when jira issues are enabled, but GitLab issues are not.

Screenshots or Screencasts (strongly suggested)

Settings

GitLab-issues settings Jira-issues settings
general_settings jira_settings

Pipeline Vulnerabilities listing

before after
pipeline_before pipeline_after

MR-widget modal

before after
MR-widget_before MR-widget_after

How to setup and validate locally (strongly suggested)

Prerequisites: Pipeline Setup
  1. Clone https://gitlab.com/gitlab-examples/security/security-reports/
  2. Run the pipeline by going into Your project > CI/CD > Pipelines
  3. Click on run pipeline for master branch
  4. Go to Project > CI/CD > Pipelines > Your Pipeline > Security Tab

You should have the runner installed in order to run the pipeline. Then using the following command you can register the runner, it guides you pretty good on how to set the runner:

$ gitlab-runner register

Once it's installed this is how I run the runner:

$ gitlab-runner --log-level debug run local-runner --config ~/.gitlab-runner/config.toml restart
Fix validation
  1. Enable the Jira Integration for a project.
  2. Enable the option "Enable Jira issues creation from vulnerabilities" for the project.
  3. Create a merge request with some vulnerabilities detected by one of the scanner.
  4. Make sure the "Gitlab Issues" functionality is enabled.
  5. Open the the pipeline's security tab and check the vulnerability listing's action buttons / Click on one of the vulnerabilities in the MR widget
  6. Notice the create "Jira issue button" is present.
  7. Disable the GitLab Issues functionality for the project.
  8. Open the MR and click on one of the vulnerabilities.
  9. Notice the create "Jira issue button" is not longer present.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #339173 (closed)

Edited by David Pisek

Merge request reports

Loading