Commit 699d3bc7 authored by Victor Zagorodny, committed by Kamil Trzciński

Make issue created from vulnerability feedback confidential

parent 3e2eda24
......@@ -343,7 +343,7 @@ a detailed information will pop up with two different possible options:
- **Dismiss vulnerability** - Dismissing a vulnerability will place a <s>strikethrough</s> styling on it.
- **Create issue** - The new issue will have the title and description
pre-populated with the information from the vulnerability report.
pre-populated with the information from the vulnerability report and is created as [confidential](../issues/confidential_issues.md) by default.
- **Solution** - For some vulnerabilities ([Dependency Scanning](dependency_scanning.md) and [Container Scanning](container_scanning.md))
a solution is provided for how to fix the vulnerability.
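Review bot: "by default" on the added **Create issue** line reads as if the confidentiality were a setting the user can change at creation time, but the service change in this commit passes `confidential: true` unconditionally. Suggest wording such as "and is always created as [confidential](../issues/confidential_issues.md)", or keep "by default" and add a sentence on how the issue can be made public afterwards. The sentence also mixes tenses ("will have ... and is created"); "and will be created as" would match the rest of the item.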
......
......@@ -9,11 +9,11 @@ Use it to find and fix vulnerabilities affecting the [default branch](./reposito
## How it works?
To benefit from the Security Dashboard you must first configure the [Security Reports](merge_requests/index.md#security-reports).
To benefit from the Security Dashboard you must first configure the [Security Reports](merge_requests/index.md#security-reports-ultimate).
The Security Dashboard will then list security vulnerabilities from the latest pipeline run on the default branch (e.g., `master`).
You will also be able to interact with the reports [the same way you can on a merge request](merge_requests/index.md#interacting-with-security-reports).
You will also be able to interact with the reports [the same way you can on a merge request](merge_requests/index.md#interacting-with-security-reports-ultimate).
## Keeping the Security Dashboard updated
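Review bot: the two anchor changes to `#security-reports-ultimate` and `#interacting-with-security-reports-ultimate` are unrelated to making the issue confidential and are not mentioned in the commit message. Either note them in the message or move them to a separate docs commit, and confirm that both headings exist in `merge_requests/index.md` with exactly those anchors, since an anchor that follows a tier suffix in the heading breaks whenever the heading changes.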
......
......@@ -16,7 +16,8 @@ module Issues
issue_params = {
title: "Investigate vulnerability: #{vulnerability.title}",
description: render_description(vulnerability)
description: render_description(vulnerability),
confidential: true
}
issue = Issues::CreateService.new(@project, @current_user, issue_params).execute
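Review bot: `confidential: true` in `issue_params` is hard-coded with no comment saying why. A one-line comment above the hash (vulnerability details must not become readable to everyone who can see the project's issues) would keep a later refactor from dropping the key. Because the hash goes through `Issues::CreateService` together with `@current_user`, it is also worth confirming in review that the service keeps the `confidential` key for every user who is allowed to reach this code path, so the issue can never be created as public silently.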
......
---
title: Issues created from vulnerabilities are now confidential by default
merge_request: 9157
author:
type: changed
......@@ -20,6 +20,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
expect(issue.author).to eq(user)
expect(issue.title).to eq(expected_title)
expect(issue.description).to eq(expected_description)
expect(issue).to be_confidential
end
end
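Review bot: `expect(issue).to be_confidential` only checks the flag on the object returned for the single `user` in this example. For a change whose purpose is to restrict who can read vulnerability details, add an assertion on the persisted record (for instance on `issue.reload`) and a case showing that a user without access to confidential issues cannot read the created issue, so the spec fails if the flag is dropped before saving.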
......