Customize the type of vulnerability in regards to the default branch (e.g., main) for the approval
Why are we doing this work
Currently, the Vulnerability-check rule applies to any type of vulnerability. Providing a way to define which type(s) of vulnerabilities should be considered will give the user more granularity.
This only applies when the default branch is selected. Users can then select whether vulnerabilities should be newly detected, pre-existing dismissed, pre-existing detected, or pre-existing confirmed. These states map to the values in the table below.
Value map table
| Menu option | State of finding in default branch |
|---|---|
| Newly detected | N/A (does not exist in default branch) OR resolved OR has been marked as "resolved on default branch" (aka disappeared) |
| pre-existing dismissed | dismissed |
| pre-existing detected | detected |
| pre-existing confirmed | confirmed |
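
A sketch of how the value map could be applied when deciding which merge request findings count toward the rule. This is an added illustration, not GitLab's implementation: the function names, option identifiers and state strings are assumptions, and the sample data is constructed.

```ruby
# Hypothetical names throughout; this is not GitLab's implementation.
# Menu options from the value map table; "all" keeps the current behaviour.
MENU_OPTIONS = %w[newly_detected pre_existing_dismissed
                  pre_existing_detected pre_existing_confirmed].freeze

# Default-branch states that the table folds into "Newly detected".
# nil stands for "N/A (does not exist in default branch)".
NEW_STATES = [nil, "resolved", "resolved_on_default_branch"].freeze

# Map one finding's default-branch state to its menu option.
def menu_option_for(default_branch_state)
  return "newly_detected" if NEW_STATES.include?(default_branch_state)

  case default_branch_state
  when "dismissed", "detected", "confirmed"
    "pre_existing_#{default_branch_state}"
  else
    # Fail closed on a state the table does not list.
    raise ArgumentError, "unmapped state: #{default_branch_state.inspect}"
  end
end

# Return the IDs of MR findings that count toward the rule.
# mr_finding_ids: findings reported by the merge request pipeline.
# default_branch_states: finding ID => state on the default branch.
# selected: chosen menu options, or ["all"].
def findings_requiring_approval(mr_finding_ids, default_branch_states, selected)
  unknown = selected - MENU_OPTIONS - ["all"]
  raise ArgumentError, "unknown option(s): #{unknown.join(', ')}" unless unknown.empty?

  wanted = selected.include?("all") ? MENU_OPTIONS : selected
  mr_finding_ids.select do |id|
    wanted.include?(menu_option_for(default_branch_states[id]))
  end
end

# Constructed sample data.
DEFAULT_BRANCH = {
  "f1" => "dismissed", "f2" => "detected",
  "f3" => "confirmed", "f4" => "resolved"
}.freeze
MR_FINDINGS = %w[f1 f2 f3 f4 f5].freeze # f5 is absent from the default branch
```

A finding that was resolved on the default branch and reappears in the merge request (`f4`) is treated the same as one that never existed there (`f5`), so a rule limited to pre-existing states will not require approval for either.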
Relevant links
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan
- frontend Add a dropdown with the types above
- frontend Add `all` as an option to keep support with the current behaviour
- backend Extend the model to support the scanners related to endpoint: http://HOST/api/v4/projects/PROJECT_ID/approval_settings/rules
- backend Extend or derive the related rules.
- documentation Update related docs