Add System Note when vulnerability reappears
If a vulnerability was marked as resolved because it was no longer detected, and it then reappears, it goes back to the state Needs triage. This is confusing because there is no system note that tells when the vulnerability went back to the Needs triage state. It might even look like it was never Resolved.
How to reproduce this behaviour?
- Run any Secure CI job once so that it generates a report with a vulnerability.
- Mark the vulnerability as Resolved.
- Then alter the repository or test report in such a way that the next CI job doesn't detect this vulnerability.
- Observe the vulnerability status: it has the status Needs triage.
Expected behaviour
A system note is added to the vulnerability explaining when it reappeared in the repo.