
Show Severity or Confidence independently for SAST vulnerability

Summary

With "Enrich SAST report with more metadata" we now have Severity and Confidence as separate properties for SAST vulnerabilities. However, the FE currently expects both to be available in order to show either of them.

Steps to reproduce

Display an MR with a Brakeman or Flawfinder vulnerability (as these analyzers don't provide Severity).

Example Project

https://staging.gitlab.com/gonzoyumo/security-reports/merge_requests/1

What is the current bug behavior?

Vulnerability Confidence is not shown in the list if Severity is not provided.

What is the expected correct behavior?

Show Confidence only when there is no Severity and vice-versa.

Relevant logs and/or screenshots

Current: Screenshot_2018-06-08_15.13.02
Expected: Screenshot_2018-06-08_15.12.38

Possible fixes

https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/app/assets/javascripts/vue_shared/security_reports/components/sast_issue_body.vue#L28-30
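As an added illustration (not the component's own code), the display rule from the expected behavior above written as a plain function that can be unit-tested outside Vue. The field names `severity` and `confidence` are the SAST report properties named in this issue; the function name, the label format and the sample findings are assumptions.

```javascript
// Added example, not code from sast_issue_body.vue: renders Severity and
// Confidence independently so a finding with only one of them still shows it.

// A property counts as present only when it is a non-empty string.
function hasValue(value) {
  return typeof value === 'string' && value.trim() !== '';
}

// Returns the text a report row should show for one SAST vulnerability.
// Each property is checked on its own: a missing Severity no longer hides
// Confidence, and a missing Confidence no longer hides Severity.
function sastIssueLabel(vulnerability) {
  const { severity, confidence } = vulnerability || {};
  const parts = [];
  if (hasValue(severity)) parts.push(`Severity: ${severity}`);
  if (hasValue(confidence)) parts.push(`Confidence: ${confidence}`);
  return parts.join(', '); // empty string when neither property is present
}

// Constructed sample findings (assumed shapes): Brakeman and Flawfinder
// entries carry Confidence only, as described in the issue.
const sampleFindings = [
  { tool: 'other-analyzer', severity: 'High', confidence: 'Medium' },
  { tool: 'brakeman', confidence: 'High' },
  { tool: 'flawfinder', confidence: 'Low' },
  { tool: 'other-analyzer', severity: 'Low' },
  { tool: 'other-analyzer', severity: '', confidence: '' },
];

// Labels for every sample, in order, for a quick manual check.
function labelAll(findings) {
  return findings.map((f) => sastIssueLabel(f));
}

if (typeof require !== 'undefined' && require.main === module) {
  labelAll(sampleFindings).forEach((label, i) => {
    console.log(`${sampleFindings[i].tool}: "${label}"`);
  });
}
```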

Edited by Olivier Gonzalez