Add "Dismissed vulnerability" to the activity feed
Problem to solve
Today the only way to know who dismissed a vulnerability is the More Info modal. If you want to know who dismissed a vulnerability and when, you have to open every vulnerability, and even then we only show who made the dismissal.
Target audience
CISO, Security team manager/leader, and Security Analysts
Proposal
To further support security professionals and enhance monitoring of security actions, I think it would be useful to see the Dismiss vulnerability action appear in the activity dashboard and the user's personal activity feed.
Location:
- Instance level activity dashboard
- Group level activity dashboard
- Project level activity dashboard
- Personal activity feed
Data to show: On dismiss we can create an activity event detailing:
- who dismissed the vulnerability
- when the vulnerability was dismissed
- what vulnerability was dismissed
- what project the vulnerability belonged to
Future iterations: not only the dismiss activity should be in the activity feed; "Resolve" and "Comment" should be there as well. I am not sure whether technically we can do them together in this issue.
Linked location:
- it would be desirable to link directly to the project level security dashboard; however, I am not sure of the limitations to accomplish this.
Design:
Technical Details
Items on the activity feed are represented by the Event model. Add a DISMISSED item to its ACTIONS hash and a Vulnerability item to its TARGET_TYPES hash.
New events are created with the EventCreateService. Add a #dismiss_vulnerability method to that class that takes the dismissed vulnerability and the current user as arguments and passes them to create_record_event. This will require adding a #resource_parent method to Vulnerability that returns the vulnerability's project.
Then call EventCreateService#dismiss_vulnerability from ::Vulnerabilities::DismissService.
The new "Dismiss events" tab needs to be added in the event_filter partial.
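The flow sketched above, as an added illustration that is not GitLab's code: the model, service and filter names follow the proposal, but the classes are constructed plain-Ruby stand-ins (no Rails), and the numeric value of the DISMISSED action and the in-memory events array are assumptions.

```ruby
# Constructed stand-ins for the Rails models (assumed; not GitLab's code).
User    = Struct.new(:id, :username)
Project = Struct.new(:id, :path)
Vulnerability = Struct.new(:id, :title, :project, :state) do
  # New #resource_parent from the proposal: activity events are scoped to the project.
  def resource_parent; project; end
  def dismiss!; self.state = :dismissed; end
end
class Event
  # Existing keys abbreviated; DISMISSED is the new action (numeric value assumed).
  ACTIONS = { created: 1, closed: 3, dismissed: 13 }.freeze
  TARGET_TYPES = { issue: 'Issue', vulnerability: 'Vulnerability' }.freeze
  attr_reader :action, :author, :target, :target_type, :project, :created_at
  def initialize(action:, author:, target:, project:, created_at: Time.now.utc)
    raise ArgumentError, "unknown action #{action}" unless ACTIONS.key?(action)
    @action, @author, @target, @project, @created_at = action, author, target, project, created_at
    @target_type = TARGET_TYPES.fetch(target.class.name.downcase.to_sym)
  end
end

class EventCreateService
  def initialize(events) # events: array standing in for the events table
    @events = events
  end
  # The proposed method: record who dismissed what, when, and in which project.
  def dismiss_vulnerability(vulnerability, current_user)
    create_record_event(vulnerability, current_user, :dismissed)
  end
  private
  def create_record_event(record, current_user, action)
    Event.new(action: action, author: current_user, target: record,
              project: record.resource_parent).tap { |e| @events << e }
  end
end

module Vulnerabilities
  class DismissService
    def initialize(vulnerability, current_user, events)
      @vulnerability, @current_user, @events = vulnerability, current_user, events
    end
    def execute # mark the vulnerability dismissed, then emit the activity event
      @vulnerability.dismiss!
      EventCreateService.new(@events).dismiss_vulnerability(@vulnerability, @current_user)
    end
  end
end
# "Dismiss events" tab of the event filter: keep only dismissed-action events.
def dismiss_events(events)
  events.select { |e| e.action == :dismissed }
end
```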
What does success look like, and how can we measure that?
Metrics will be hard to gather, depending on how much the activity dashboards are used. Measure: clicks from the activity feed to the project security dashboard.
Links / references
Dependencies
Standalone vulnerabilities - #13561 (closed)