
Issue created on a vulnerability is not shown as linked after merging the MR.

Summary

From the MR, issues can be created for vulnerabilities by clicking Create issue in the vulnerability popup. The created issue is shown as a comment within the vulnerability popup. Merging the MR transfers these vulnerabilities to the project's vulnerability_report page, but the link between the vulnerability and the created issue is lost in this transfer: there is no sign of the created issue on the vulnerability listed in the project's vulnerability_report page.

Steps to reproduce

  1. Submit an MR.
  2. Select one of the vulnerabilities detected in the MR pipeline from the MR overview tab and click Create issue in the vulnerability popup.
  3. The created issue is displayed within the vulnerability popup as a comment, e.g. "Created issue issue#".
  4. Merge the MR; the vulnerabilities now show up in the project's vulnerability_report page.
  5. Check the vulnerability from Step 2. The already created issue is not shown as a comment or under linked issues.

What is the current bug behavior?

Issues created for a vulnerability from the MR are not shown as a linked issue on that vulnerability in the project's vulnerability_report page.

What is the expected correct behavior?

Issues created for a vulnerability from the MR should be shown as a linked issue on that vulnerability in the project's vulnerability_report page.

Relevant logs and/or screenshots

Issue created from the MR overview tab (screenshot: created_issue)

Vulnerability in the project's vulnerability_report page (screenshot: vulnerability_report)

Output of checks

This bug happens on GitLab.com

Implementation plan

  • backend: Adjust Security::StoreReportService to:
    • Check whether the backing Vulnerabilities::Finding has any Vulnerabilities::Feedback with an issue_id after creating the Vulnerability,
    • If yes, create the corresponding Vulnerabilities::IssueLink entries,
    • Otherwise proceed as usual.
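The plan above can be sketched as a small stand-alone model. This is an added example written for this page, not GitLab's own code: the structs are simplified stand-ins for the Rails models named in the plan (Vulnerabilities::Finding, Vulnerabilities::Feedback, Vulnerability, Vulnerabilities::IssueLink), the class `StoreReportService` here is a hypothetical miniature of Security::StoreReportService, and the sample findings are constructed. It shows the proposed ordering (create the Vulnerability first, then link every issue referenced by the finding's feedback), skips feedback without an issue_id, and de-duplicates so that two feedback rows pointing at the same issue yield one link.

```ruby
# Added example, not GitLab's code. Simplified stand-ins for the Rails models
# named in the implementation plan (field names beyond issue_id are assumptions).
Finding       = Struct.new(:id, :feedback)       # Vulnerabilities::Finding
Feedback      = Struct.new(:id, :issue_id)       # Vulnerabilities::Feedback (issue_id nil when not an issue)
Vulnerability = Struct.new(:id, :finding_id)
IssueLink     = Struct.new(:vulnerability_id, :issue_id)  # Vulnerabilities::IssueLink

# Hypothetical miniature of Security::StoreReportService showing only the
# part the plan changes: carrying MR-side issue feedback over as issue links.
class StoreReportService
  attr_reader :vulnerabilities, :issue_links

  def initialize
    @vulnerabilities = []
    @issue_links = []
    @next_id = 1
  end

  # Creates the Vulnerability for a finding, then links any issue that was
  # already created for it from the MR. Returns the new Vulnerability.
  def store_finding(finding)
    vulnerability = create_vulnerability(finding)
    link_existing_issues(vulnerability, finding)
    vulnerability
  end

  private

  def create_vulnerability(finding)
    vulnerability = Vulnerability.new(@next_id, finding.id)
    @next_id += 1
    @vulnerabilities << vulnerability
    vulnerability
  end

  # Step from the plan: feedback rows with an issue_id become IssueLink
  # entries; findings without such feedback proceed as usual (no-op).
  def link_existing_issues(vulnerability, finding)
    issue_ids = finding.feedback.map(&:issue_id).compact.uniq
    return if issue_ids.empty?

    issue_ids.each do |issue_id|
      # Guard against creating the same link twice (e.g. on re-processing).
      next if @issue_links.any? { |l| l.vulnerability_id == vulnerability.id && l.issue_id == issue_id }

      @issue_links << IssueLink.new(vulnerability.id, issue_id)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: one finding with an MR-created issue (#42, recorded
  # twice) plus unrelated feedback, and one finding with no feedback at all.
  svc = StoreReportService.new
  svc.store_finding(Finding.new(10, [Feedback.new(1, 42), Feedback.new(2, nil), Feedback.new(3, 42)]))
  svc.store_finding(Finding.new(11, []))
  svc.issue_links.each { |l| puts "vulnerability #{l.vulnerability_id} -> issue #{l.issue_id}" }
end
```

The real service would persist these rows through ActiveRecord inside the same transaction that creates the Vulnerability, so that a failure to link does not leave the vulnerability_report page in the state this issue describes.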
Edited by Thiago Figueiró