Add false positive alert to Vulnerability Details
What does this MR do and why?
This MR is part of the pipeline's security tab's migration to GraphQL.
Going forward, the VulnerabilityDetails component will be shared between the vulnerability details page (accessible via "Security & Compliance" -> "Vulnerability Report" -> Details for a given vulnerability) and the pipeline tab's vulnerability modal.
The modal currently renders an alert if the given finding has been flagged as a false-positive. This MR adds this to the VulnerabilityDetails component.
Screenshots or screen recordings
[Screenshot: alert on the vulnerability details page]
How to set up and validate locally
- Import the following GitLab project: 2022-06-03_05-04-949_gitlab-examples_security_secur_export.tar.gz
- Run the pipeline on master, wait for it to complete
- Apply the following patch to add mock data: false_positive_alert.patch
- Within the imported project go to "Security & Compliance" -> "Vulnerability report" -> click on a vulnerability
- Verify that the alert is showing up
- Without the change that the patch introduces, it should not render
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #364781 (closed)
Edited by Paul Gascou-Vaillancourt