Vulnerability List enhancements step 5: Setting to enable/disable auto grouping
Background
As we add more 3rd-party security scanners as official integration partners, it will become more difficult for users to determine at a glance which scanner a detection came from. Additionally, after First Class Vulnerabilities is released, scan results will be persistent across runs. This opens the potential for mixing same-type (e.g. DAST) results from both the GitLab-provided scanners and one or more 3rd parties. We'll need a clean, clear way to let users easily manage potentially multiple scanners making the same detection.
We completed a research issue to provide insights into the proposed solution.
After that, the solution was broken down into several steps/issues:
- Step 1.1 (#210327 (closed)): Add the following info to the list view: line of code, scanner name, and identifier. This is the minimum step to help users understand the situation.
- Step 1.2 (#210327 (closed)): Update filter.
- Step 2 (#210333 (closed)): Enable the group feature without suggestion. Grouping would be provided as a separate step.
- Step 3 (#210357 (closed)): Auto-grouping with an intro of the features.
- Step 4 (#210360 (closed)): Docs to explain how the bot (auto group) works.
- Step 5: Enable/disable auto grouping.
Problem
When we help the user auto-group duplicated vulnerabilities, how can we let users disable it when needed?
Solution
This is a draft! The design needs to be refined.