
advisories.gitlab.com: Advisories marked as false-positives should be clearly indicated


Problem

The following advisory was intentionally marked as a false positive over 2 years ago, based on GitLab internal feedback:

  1. https://advisories.gitlab.com/pkg/npm/select2/CVE-2016-10744/
  2. https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/205+s

Looking at this advisory's page, a customer has no way of knowing it was withdrawn.

Solution

Advisories whose affected range cannot match any version (e.g. `<0`) should carry a false-positive banner on their advisories.gitlab.com page.
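As an added example (not code from advisories.gitlab.com or gemnasium-db), the following Python check flags an advisory for a false-positive banner when its affected range can match no version at all. The record shape, the field name `affected_range` and every identifier other than the select2 / CVE-2016-10744 pair named above are constructed for illustration; gemnasium-db's real range syntax varies by ecosystem, and this check only understands comparator ranges (`<`, `<=`, `>`, `>=`, `=`) joined by spaces (AND) and `||` (OR).

```python
import re
from typing import List, Optional, Tuple

# Constructed sample records modelled loosely on gemnasium-db advisories.
# Only the select2 / CVE-2016-10744 entry comes from the issue text; the
# EXAMPLE-* entries and the field names are assumptions.
SAMPLE_ADVISORIES = [
    {"package": "npm/select2", "identifier": "CVE-2016-10744", "affected_range": "<0"},
    {"package": "npm/example-a", "identifier": "EXAMPLE-0001", "affected_range": "<1.2.3"},
    {"package": "npm/example-b", "identifier": "EXAMPLE-0002", "affected_range": ">=2.0.0 <2.5.0"},
    {"package": "npm/example-c", "identifier": "EXAMPLE-0003", "affected_range": ">=3.0.0 <3.0.0"},
]

Version = Tuple[int, int, int]
COMPARATOR_RE = re.compile(r"(>=|<=|>|<|=)\s*([0-9]+(?:\.[0-9]+){0,2})")


def parse_version(text: str) -> Version:
    """Parse '1', '1.2' or '1.2.3' into a zero-padded (major, minor, patch) tuple."""
    nums = [int(p) for p in text.split(".")] + [0, 0, 0]
    return (nums[0], nums[1], nums[2])


def bounds(branch: str):
    """Reduce a conjunctive comparator list to its tightest lower and upper bound.

    Returns (lower, lower_inclusive, upper, upper_inclusive); a missing bound is None.
    """
    lower: Optional[Version] = None
    lower_inc = True
    upper: Optional[Version] = None
    upper_inc = True
    for op, ver in COMPARATOR_RE.findall(branch):
        v = parse_version(ver)
        if op in (">", ">="):
            inc = op == ">="
            # A higher floor, or the same floor made exclusive, is tighter.
            if lower is None or v > lower or (v == lower and not inc):
                lower, lower_inc = v, inc
        elif op in ("<", "<="):
            inc = op == "<="
            # A lower ceiling, or the same ceiling made exclusive, is tighter.
            if upper is None or v < upper or (v == upper and not inc):
                upper, upper_inc = v, inc
        else:  # exact match pins both bounds
            lower, lower_inc, upper, upper_inc = v, True, v, True
    return lower, lower_inc, upper, upper_inc


def branch_is_empty(branch: str) -> bool:
    """True when no version can satisfy this AND-branch of comparators."""
    lower, lower_inc, upper, upper_inc = bounds(branch)
    if upper is None:
        return False  # no ceiling, so some version always matches
    if lower is None:
        lower, lower_inc = (0, 0, 0), True  # implicit floor: versions start at 0.0.0
    if upper < lower:
        return True
    # '<0' lands here: floor 0.0.0 inclusive, ceiling 0.0.0 exclusive.
    return upper == lower and not (lower_inc and upper_inc)


def matches_no_version(range_text: str) -> bool:
    """True when every OR-branch of the range is unsatisfiable."""
    return all(branch_is_empty(b) for b in range_text.split("||"))


def advisories_needing_banner(records: List[dict]) -> List[str]:
    """Identifiers of advisories whose range matches nothing (withdrawn / false positive)."""
    return [r["identifier"] for r in records if matches_no_version(r["affected_range"])]


if __name__ == "__main__":
    for ident in advisories_needing_banner(SAMPLE_ADVISORIES):
        print(f"{ident}: affected range matches no version, show false-positive banner")
```

A range such as `<0 || >=1.0.0` is still satisfiable through its second branch, so the check only fires when every branch is empty; that is the behaviour a page banner should key off, rather than the literal string `<0`.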

Links

cc @mhenriksen @johncrowley @dabeles

Edited by 🤖 GitLab Bot 🤖