Note / ignore old MRs
MRs can be updated long after they're merged or closed.
- Mention when an MR was (
merged|closed
), if it was merged <= 1 week ago - Skip the alert if the MR was (
merged|closed
) > 1 week ago
Example
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/109860
was mentioned in a merge request on 10 Nov 2023. That made it "updated". But the MR itself was merged in March 2023. There is no need for AppSec to review it.