[Integrates] Implement branch and URL change
Problem to solve
The only way a client can update the branch or URL of a repository is by deactivating the existing repository and adding it again with the new information. Currently, it is possible to have a root with the same URL more than once, pointing to different branches, with the condition that only one of the roots can be active for evaluation.
However, this approach presents several issues:
- To change the branch, everything that has reports must be deactivated, which will close all associated vulnerabilities and skew the group's analytics with inaccurately closed vulnerabilities.
- Open manual reports may be lost because clients do not track closed items, making it very difficult to revisit everything for re-reporting.
- Reactivating will cause all machine-generated reports to be duplicated, further affecting analytics. Additionally, the client will need to perform two major actions: one to deactivate and another to reactivate.
- There can be groups with a high volume of repositories, which significantly impacts analytics when closing and reopening vulnerabilities.
Intended users
Customers.
Proposal
- Implement a feature that enables users to change the branch name and/or the URL of a repository, even if reported vulnerabilities exist.
- The ToE to which they want to change the URL or branch must contain the same information as the previous ToE. An attempt should be made by engineering to verify this. Additionally, in the user's warnings, they must confirm and clarify that this is the case. Otherwise, they will assume responsibility.
- Additionally, introduce an extra step in the process to present users with a warning message indicating that the changes are made at their own risk and request confirmation before proceeding.
- Only user managers have permissions.
- If the feature with roots is successfully implemented, we can approve the same mechanism for other environments.
Test plan
Steps
- Make sure that the code contributions checklist has been followed.