Suggest fix for security vulnerabilities in the report
Problem to solve
Security reports show vulnerabilities and allow users to create an issue from there. The issue should contain more information about the vulnerability, at least the same available in the report.
If possible, it should also indicate which is the suggested solution to fix the problem. This solution could be then automatically implemented in a MR (out of this scope).
We need to check if we have this information available, at least for dependency scanning.
When users create an issue from a Security Report, we should prefill the content with a suggested solution to fix the problem, plus more details (e.g., filename affected).
What does success look like, and how can we measure that?
Issues created in this way are closed by a MR.