Allow providing dismissal reason & comment for vulnerability bulk updates
Release Notes
When selecting one or more vulnerabilities in the vulnerability report, it's possible to change their status in bulk. This functionality should be enhanced:
- be able to provide a dismissal reason when choosing the dismiss status (similar to vulnerability detail page)
- add a comment (this is required for the dismissed status)
Guard behind feature flag dismissal_reason
.
Screenshot above with comment field will have 1 extra dropdown for dismissal reason.
Relevant links
- Design issue: #267582 (closed)
- Epic: &4649 (closed)
Non-functional requirements
-
Documentation: -
Feature flag: dismissal_reason
Implementation steps
-
Switch from GlDropdown to GlListbox in selection_summary.vue
-
If the dismiss status is chosen, show a new GlListbox with dismissal reasons -
After selecting the status (also the dismissal reason if dismiss status), show a comment field -
Mutation should include the comment provided
Verification steps
- Go to this verification project
- Select a couple of vulnerabilities
- Verify that cancel button and change status button is visible immediately (change status is disabled)
- Verify that clicking cancel button hides the selection summary and deselects the vulns you had selected
- Select some vulns again
- For any status but dismiss:
- select that status
- verify that comment input form appears
- verify that change status button is enabled (comment is not required)
- add a comment and click change status
- go to the detail page of any of your confirmed vulns and verify that there is a system note like "@<username> changed vulnerability status to <the-status> and the following comment: "<your-comment>" just now"
- For dismiss status:
- select dismiss status
- verify that dismissal reason listbox appears and change status is still disabled
- select a dismissal reason
- verify that change status is still disabled
- add a comment
- click change status
- go to the detail page of any of your dismissed vulns and verify that there is a system note like "@<username> changed vulnerability status to Dismissed: <the-reason> and the following comment: "<your-comment>" just now"
Edited by Alana Bellucci