Dismissed findings are still presented in the MR security diff widget
Despite efforts to fix the re-appearance of dismissed vulnerabilities in the MR Security Diff widget, the way the comparison is implemented makes it cost-prohibitive to filter them out completely. The cause is a legacy issue in how the UUIDs of detected vulnerabilities are reconciled against known and dismissed vulnerabilities.
The problem is mostly fixed by filtering off known vulnerabilities up to a threshold of 25 vulnerabilities for the diff. However, there are situations in which the UUIDs of the detected vulnerability findings may not align with the persisted records that are already dismissed. These records then make it past the dismissal filtering mechanism introduced in "Do not show Findings dismissed on the default b..." (#390198 - closed, Gregory Havenga, 16.0, On track), because the mechanism for reconciling these UUIDs to known occurrences is cost-prohibitive to run prior to the filtering mechanism.
Implementation Plan
The current expectation is that implementing "Use security_findings for security MR widget re..." (#390185 - closed, Rushik Subba, 17.9, On track) will probably fix this implicitly, as it fundamentally changes the source of the information for the report comparison to use purely persisted records, which have already had any UUID issues reconciled.
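
A simplified model of the behaviour described in this issue, added here as an example and not taken from GitLab's code: a UUID-only dismissal filter lets a dismissed finding through when the report-side UUID differs from the persisted one, while reconciling against persisted records first does not. The `fingerprint` key, the `scheme` parameter, the struct and function names, and all sample findings are assumptions constructed for illustration.

```ruby
require 'digest'
require 'set'

# Simplified model, not GitLab code. `fingerprint` is a hypothetical stable key
# (scanner identifier + location); `scheme` stands in for whatever caused the
# report-side UUID to differ from the UUID stored with the persisted record.
Finding = Struct.new(:uuid, :fingerprint, :name)
Persisted = Struct.new(:uuid, :fingerprint, :state)

def uuid_for(fingerprint, scheme)
  Digest::SHA256.hexdigest("#{scheme}:#{fingerprint}")[0, 32]
end

# Constructed sample data: two dismissed records, one stored under a legacy UUID.
PERSISTED = [
  Persisted.new(uuid_for('sast:app/db.rb:42', :current), 'sast:app/db.rb:42', :dismissed),
  Persisted.new(uuid_for('sast:app/auth.rb:7', :legacy), 'sast:app/auth.rb:7', :dismissed)
].freeze

# Constructed MR report: every UUID is computed with the current scheme.
REPORT = [
  Finding.new(uuid_for('sast:app/db.rb:42', :current), 'sast:app/db.rb:42', 'SQL injection'),
  Finding.new(uuid_for('sast:app/auth.rb:7', :current), 'sast:app/auth.rb:7', 'Hardcoded secret'),
  Finding.new(uuid_for('sast:app/new.rb:3', :current), 'sast:app/new.rb:3', 'Open redirect')
].freeze

# Cheap filter: drop a finding only if its UUID equals a dismissed record's UUID.
def filter_by_uuid(report, persisted)
  dismissed = persisted.select { |p| p.state == :dismissed }.map(&:uuid).to_set
  report.reject { |f| dismissed.include?(f.uuid) }
end

# Reconcile first: map each finding to its persisted record through the stable
# key, adopt the persisted UUID, then apply the same UUID filter.
def filter_after_reconcile(report, persisted)
  by_key = persisted.to_h { |p| [p.fingerprint, p] }
  reconciled = report.map do |f|
    known = by_key[f.fingerprint]
    known ? Finding.new(known.uuid, f.fingerprint, f.name) : f
  end
  filter_by_uuid(reconciled, persisted)
end

if __FILE__ == $PROGRAM_NAME
  puts "UUID-only filter shows:  #{filter_by_uuid(REPORT, PERSISTED).map(&:name)}"
  puts "Reconciled filter shows: #{filter_after_reconcile(REPORT, PERSISTED).map(&:name)}"
end
```

The reconcile step needs a lookup over every persisted record for the project, which is the cost the issue describes as prohibitive to pay before filtering.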