Skip to content

Add false positive alert to Vulnerability Details

What does this MR do and why?

This MR is part of the pipeline's security tab's migration to GraphQL.

Going forward the VulnerabilityDetails component will be shared between the vulnerability detail's page (accessible via "Security & Compliance" -> "Vulnerability Report" -> Details for a given vulnerability) and the pipeline tab's vulnerability modal.

The modal currently renders an alert if the given finding has been flagged as a false-positive. This MR adds this to the VulnerabilityDetails component.

Screenshots or screen recordings

alert on the vulnerability details page
Screen_Shot_2022-06-29_at_12.25.01_pm

How to set up and validate locally

  1. Import the following gitlab project 2022-06-03_05-04-949_gitlab-examples_security_secur_export.tar.gz
  2. Run the pipeline on master, wait for it to complete
  3. Apply the following patch to add mock data: false_positive_alert.patch
  4. Within the imported project go to "Security & Compliance" -> "Vulnerability report" -> click on a vulnerability
  5. Verify that the alert is showing up
  6. Without the change that the patch introduces, it should not render

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #364781 (closed)

Edited by Paul Gascou-Vaillancourt

Merge request reports

Loading