Adapt issue feedback for Container Scanning vulnerabilities on the Group Security Dashboard
Problem to solve
The vulnerability objects provided on the Group Security Dashboard are generated using our own json entities. This produces a different data object than what's available in the raw report of Container Scanning.
Right now the vulnerability feedback feature is built to work with data coming from the raw reports, and it needs to be adapted to support data coming from our DB + json entities.
Further details
By using the raw report's object we can take each individual property to generate a markdown output for the issue description (and for the upcoming MR description too). E.g.
"Upgrade **foo** from `1.2.3` to `1.4`"
which generates in the issue description:
Upgrade foo from 1.2.3 to 1.4
By using the DB + json entity object we have already generated values that are meant to be displayed in the UI, but not in a markdown flavor. E.g.
Upgrade foo from 1.2.3 to 1.4
which generates in the issue description:
Upgrade foo from 1.2.3 to 1.4
Proposal
I see 2 possible approaches to solve that:
- When creating feedback from the group security dashboard, use the already generated solution. This means no markdown but only a plain text sentence.
- Add all the individual properties to the json entity to pass them down to the frontend and allow it to send it back to the backend when creating a feedback.
I would advocate for #1 because:
- it is the simplest and easiest solution
- all other report types already work this way so I wouldn't bother maintaining the markdown flavor just for Container Scanning
- with the upcoming wrapper for Container Scanning, the solution will be already generated in the raw report, so we'll have it everywhere already, no need to regenerate it.
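To make the difference between the two data shapes concrete, here is an added example (not GitLab's own code) in Ruby: it builds the markdown solution from the individual raw-report properties, reuses the already generated plain-text sentence from the entity as approach #1 proposes, and checks that both flavors carry the same content once the markdown is stripped. The raw-report field names (`featurename`, `featureversion`, `fixedby`) and the `solution` entity key are assumptions, and both sample objects are constructed.

```ruby
# Added example, not GitLab's own code. Field names below are assumed:
# featurename / featureversion / fixedby for the raw Container Scanning report,
# and solution for the DB + json entity.

# Constructed sample of one raw Container Scanning report entry
RAW_REPORT_ENTRY = {
  'featurename'    => 'foo',
  'featureversion' => '1.2.3',
  'fixedby'        => '1.4'
}.freeze

# Constructed sample of the DB + json entity shape: the solution is already
# a plain-text sentence intended for the UI, with no markdown
ENTITY = {
  'name'     => 'Vulnerability in foo',
  'solution' => 'Upgrade foo from 1.2.3 to 1.4'
}.freeze

# Raw-report flow: markdown assembled from the individual properties
def markdown_solution(raw)
  "Upgrade **#{raw['featurename']}** from `#{raw['featureversion']}` to `#{raw['fixedby']}`"
end

# Approach #1 from the proposal: when the object comes from the entity,
# reuse the already generated plain-text solution instead of rebuilding markdown
def solution_for(vuln)
  return vuln['solution'] if vuln.key?('solution')

  markdown_solution(vuln)
end

# Strip the inline markdown (bold and code spans) so the two flavors can be
# compared as text; this is what "same content" means in the success criteria
def plain_text(markdown)
  markdown.gsub(/\*\*(.+?)\*\*/, '\1').gsub(/`([^`]+)`/, '\1')
end

# Issue description body the feedback feature would produce for either source
def issue_description(vuln)
  "### Solution\n\n#{solution_for(vuln)}"
end

if __FILE__ == $PROGRAM_NAME
  puts issue_description(RAW_REPORT_ENTRY)
  puts issue_description(ENTITY)
end
```

The only behavioral difference between the two paths is formatting: the rendered issue text is the same sentence, which is why dropping the markdown flavor for the dashboard path does not lose information.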
What does success look like, and how can we measure that?
Issue Feedback for Container Scanning vulnerabilities created from the Group Security Dashboard provides the same content as all other places (Project Dashboard, MR widget, Pipeline view).