Exclude secret_detection findings from autoresolution
What does this MR do and why?
Secret Detection findings should be treated as distinct from other finding types: once they are removed from a branch's HEAD, that does not guarantee they are safe, since they remain present in the git history, and they require manual resolution, such as rotating the leaked token.
Relates to #223248 (closed)
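As an added illustration of the rule described above (example code, not GitLab's implementation), the following Ruby sketch partitions open findings into those a pipeline may auto-resolve and those it must leave open. The constant and function names, the finding hash shape and the sample data are all constructed for this example.

```ruby
require 'set'

# Report types that must never be auto-resolved: a secret removed from HEAD is
# still recoverable from git history, so the finding needs manual resolution
# (token rotation) rather than a state change. Hypothetical constant name.
NON_AUTORESOLVABLE_REPORT_TYPES = %w[secret_detection].freeze

# Constructed sample: vulnerabilities currently stored for a project.
SAMPLE_FINDINGS = [
  { id: 1, report_type: 'sast',                state: :detected },
  { id: 2, report_type: 'secret_detection',    state: :detected },
  { id: 3, report_type: 'dependency_scanning', state: :detected },
  { id: 4, report_type: 'sast',                state: :resolved },
].freeze

# findings:     array of hashes with :id, :report_type and :state
# detected_ids: ids of findings the latest scan on HEAD still reports
# Returns { resolve: [ids to mark resolved], keep: { id => reason } }.
def partition_for_autoresolution(findings, detected_ids)
  detected = detected_ids.to_set
  result = { resolve: [], keep: {} }

  findings.each do |finding|
    # Only findings that are still open are candidates for any change.
    next unless finding[:state] == :detected

    if detected.include?(finding[:id])
      result[:keep][finding[:id]] = :still_detected
    elsif NON_AUTORESOLVABLE_REPORT_TYPES.include?(finding[:report_type])
      # Absent from HEAD, but excluded from autoresolution by report type.
      result[:keep][finding[:id]] = :requires_manual_resolution
    else
      result[:resolve] << finding[:id]
    end
  end

  result
end

if __FILE__ == $PROGRAM_NAME
  # The latest scan on HEAD only reports finding 3; 1 and 2 are gone from HEAD.
  p partition_for_autoresolution(SAMPLE_FINDINGS, [3])
end
```

Finding 1 (SAST) is resolved because it is gone from HEAD, while finding 2 (secret detection) stays open with a reason the UI can surface instead of showing it as "fixed".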
How to set up and validate locally
- Import project: 2021-09-29_16-11-646_root_secret-resolution-test_export.tar.gz
- Run pipeline
- Note the project's "Vulnerability Report" includes one vulnerability
- Open MR removing finding from README.md
- Note MR widget no longer shows finding as "fixed"
- Merge MR, allow pipeline to finish
- Note the project's "Vulnerability Report" still lists the vulnerability as unresolved
MR acceptance checklist
- I have evaluated the MR acceptance checklist for this MR.
Edited by Lucas Charles