All new vulnerabilities in the Merge Request Security Widget have the "Confirmed" status

Summary

In the MR Security Widget, new findings have a "Confirmed" status, which does not make sense: there is no status management for these findings, since they are not persisted in the database (only vulnerabilities and dismissals are stored, as far as I recall).
The same vulnerabilities appear in the Vulnerability Report page with the Detected status, so the two views report inconsistent statuses.

Steps to reproduce

  • Create a project
  • Add a vulnerability
  • In a Merge Request, move the code containing the vulnerability to another location (location changes are not tracked, so the finding's fingerprint changes)
  • Notice that the finding is reported as both New and Fixed at the same time, with a Confirmed status
  • Go to the Vulnerability Report and notice that the same vulnerability is Detected there.

Example Project

https://gitlab.com/gitlab-org/gitaly/ and example MR: gitaly!2858 (merged)

What is the current bug behavior?

Findings have a Confirmed status in MRs.

What is the expected correct behavior?

Findings should have the same status as the Vulnerability Report (or just Dismissed if we don't manage status in this area).
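To make the discrepancy concrete, here is an added example (not GitLab code) that models the two behaviours described above: a location-based diff of the base and head pipeline reports, which is why a moved vulnerability shows up as New and Fixed at once, and the widget's hardcoded "confirmed" status beside the expected behaviour of reusing the persisted Vulnerability Report state (falling back to "detected" for findings that were never persisted). It also shows, as a contrast going beyond the report, how an identifier-based fingerprint survives a code move. The class names, the fingerprint scheme and the sample finding are hypothetical and constructed for illustration.

```ruby
# Added example, not GitLab's implementation. Models how the MR Security Widget
# diffs base/head reports and how a finding's status could be resolved.
# Finding, VulnerabilityStore, WidgetDiff and the fingerprints are hypothetical.
require 'digest'

Finding = Struct.new(:identifier, :file, :line, :description, keyword_init: true) do
  # Location-based fingerprint: moving the code changes it, which makes the
  # same vulnerability look New (head) and Fixed (base) at the same time.
  def location_fingerprint
    Digest::SHA256.hexdigest("#{identifier}:#{file}:#{line}")
  end

  # Identifier-based fingerprint: stable across a move within the project.
  def identifier_fingerprint
    Digest::SHA256.hexdigest(identifier)
  end
end

# Stands in for the persisted vulnerabilities table. Only vulnerabilities and
# their states are stored; pipeline findings themselves are not.
class VulnerabilityStore
  VALID_STATES = %w[detected confirmed dismissed resolved].freeze

  def initialize
    @states = {}
  end

  def record(finding, state: 'detected')
    raise ArgumentError, "unknown state #{state}" unless VALID_STATES.include?(state)
    @states[finding.identifier_fingerprint] = state
  end

  def state_for(finding)
    @states[finding.identifier_fingerprint]
  end
end

module WidgetDiff
  # Current (buggy) behaviour: every finding in the widget is "confirmed".
  def self.buggy_status(_finding, _store)
    'confirmed'
  end

  # Expected behaviour: reuse the Vulnerability Report state when the
  # vulnerability is persisted, otherwise it was merely detected by the pipeline.
  def self.status(finding, store)
    store.state_for(finding) || 'detected'
  end

  # Diff two reports by a fingerprint method. Returns { new: [...], fixed: [...] }.
  def self.diff(base, head, by: :location_fingerprint)
    base_keys = base.map(&by)
    head_keys = head.map(&by)
    {
      new: head.reject { |f| base_keys.include?(f.public_send(by)) },
      fixed: base.reject { |f| head_keys.include?(f.public_send(by)) }
    }
  end
end

# Constructed sample: the same hardcoded-credential finding before and after the
# offending line is moved within the file in the MR.
BASE_FINDING = Finding.new(identifier: 'secret_detection:aws_access_key',
                           file: 'ci/setup.sh', line: 12,
                           description: 'Potential hardcoded credentials')
HEAD_FINDING = Finding.new(identifier: 'secret_detection:aws_access_key',
                           file: 'ci/setup.sh', line: 40,
                           description: 'Potential hardcoded credentials')

def demo
  store = VulnerabilityStore.new
  store.record(BASE_FINDING) # persisted from the default branch as "detected"
  by_location = WidgetDiff.diff([BASE_FINDING], [HEAD_FINDING])
  by_identifier = WidgetDiff.diff([BASE_FINDING], [HEAD_FINDING], by: :identifier_fingerprint)
  {
    location_new: by_location[:new].size, location_fixed: by_location[:fixed].size,
    identifier_new: by_identifier[:new].size, identifier_fixed: by_identifier[:fixed].size,
    buggy: WidgetDiff.buggy_status(HEAD_FINDING, store),
    expected: WidgetDiff.status(HEAD_FINDING, store)
  }
end

puts demo if $PROGRAM_NAME == __FILE__
```

With the location-based diff, `demo` reports one New and one Fixed finding for what is a single moved vulnerability, labelled "confirmed" by the buggy path and "detected" by the expected path; a dismissal recorded in the store is carried over by `WidgetDiff.status` instead of being overwritten.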

Relevant logs and/or screenshots

(Screenshot: Security Widget of MR !2858 "Support Golang v1.14 and v1.15 in CI" in the gitlab-org/gitaly project)

(A "potential hardcoded credentials" being Confirmed is scary!)

Output of checks

This bug happens on GitLab.com


Possible fixes

/cc @matt_wilson @lkerr @thiagocsf for prioritization

Edited by Philippe Lafoucrière