Dismissed vulnerabilities in the pipeline view are not dismissed in the security dashboard
Summary
When dismissing vulnerabilities in the pipeline view, they are not dismissed in the security dashboard.
Steps to reproduce
- Create a new project
- Import vulnerabilities like https://gitlab.com/gitlab-org/security-products/demos/imports (use the `.gitlab-ci.yml` file)
- Dismiss vulnerabilities in the pipeline security tab
- Go to the project security dashboard
Example Project
https://gitlab.com/gitlab-org/security-products/demos/imports
What is the current bug behavior?
- Vulnerabilities are displayed in the dashboard
- Vulnerabilities are not displayed in the pipeline security tab (hidden because dismissed)
What is the expected correct behavior?
Consistent behaviour between the two.
Relevant logs and/or screenshots
A gif is worth a thousand pictures (especially gifs with a thousand frames):
Output of checks
This bug happens on GitLab.com
Possible fixes
- Create a background migration to dismiss the vulnerabilities if their findings are dismissed by the "pipeline security tab".
/cc @matt_wilson @lkerr @thiagocsf for prioritization
Edited by Thiago Figueiró
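The reconciliation proposed under "Possible fixes", sketched as an added example that is not part of the original issue and is not GitLab's own migration code. The `Finding` and `Vulnerability` records, their fields, the state names and the rule that every linked finding must be dismissed are assumptions made for illustration; the sample data is constructed.

```ruby
# Added illustration: record shapes and state names are assumptions,
# not GitLab's actual schema.
Finding = Struct.new(:id, :vulnerability_id, :dismissed, keyword_init: true)
Vulnerability = Struct.new(:id, :state, keyword_init: true)

# Dismisses vulnerabilities whose findings were all dismissed in the pipeline
# security tab. Returns the ids that were (or, with dry_run, would be) changed.
def reconcile_dismissals(vulnerabilities, findings, batch_size: 2, dry_run: false)
  by_vuln = findings.group_by(&:vulnerability_id)
  changed = []
  # Work in small batches, as a background migration would.
  vulnerabilities.each_slice(batch_size) do |batch|
    batch.each do |v|
      next unless v.state == "detected"      # keep confirmed/resolved triage decisions
      linked = by_vuln.fetch(v.id, [])
      next if linked.empty?                  # no finding, so no evidence of a dismissal
      next unless linked.all?(&:dismissed)   # one live finding keeps it on the dashboard
      v.state = "dismissed" unless dry_run
      changed << v.id
    end
  end
  changed
end

# Constructed sample data covering the cases the migration has to separate.
def sample_records
  vulns = [
    Vulnerability.new(id: 1, state: "detected"),   # its only finding is dismissed
    Vulnerability.new(id: 2, state: "detected"),   # one of two findings dismissed
    Vulnerability.new(id: 3, state: "confirmed"),  # already triaged by a person
    Vulnerability.new(id: 4, state: "detected"),   # finding not dismissed
    Vulnerability.new(id: 5, state: "detected")    # no findings at all
  ]
  findings = [
    Finding.new(id: 10, vulnerability_id: 1, dismissed: true),
    Finding.new(id: 11, vulnerability_id: 2, dismissed: true),
    Finding.new(id: 12, vulnerability_id: 2, dismissed: false),
    Finding.new(id: 13, vulnerability_id: 3, dismissed: true),
    Finding.new(id: 14, vulnerability_id: 4, dismissed: false)
  ]
  [vulns, findings]
end
```

Running with `dry_run: true` first lists the records that are inconsistent between the two views without changing them, and a second real run returns an empty list because the update is idempotent.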