Add optional reason when dismissing vulnerabilities
Problem to solve
Users can dismiss vulnerabilities in the security reports when they recognize a finding as a false positive, or when it simply doesn't apply to that specific case.
Security engineers may need to know the reason and to understand why a vulnerability has been dismissed. At the moment, there is no way to record or retrieve this information.
Target audience
- Sasha, Software Developer, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#sasha-software-developer
- Sam, Security Analyst, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#sam-security-analyst
Proposal
Allow users to specify an optional message when dismissing a vulnerability. This message will be saved together with the dismissal.
Users who don't want or need to add a reason will go through their standard dismissal process as usual.
The dismissal action is where the user can choose to "add a comment". If they do, a textarea will appear (similar to comments in issues).
Related issue covering adding a comment after dismissal, editing the comment, and more: https://gitlab.com/gitlab-org/gitlab-ee/issues/10364