feat: Include resolution comment when auto-resolving vulnerabilities (!101704) · Merge requests · GitLab.org / GitLab

Lucas Charles requested to merge include-comment-during-mark-dropped-as-resolved-svc into master Oct 20, 2022

What does this MR do and why?

As a follow-up to !95422 (merged), we now have the capability to auto-resolve vulnerabilities when an analyzer has removed their vulnerability type from our default scanner rulesets. To better describe the automation we should include a clear comment describing the auto-resolution.

This feature is currently behind feature flag see rollout issue: #375128 (closed)

Screenshots or screen recordings

Before	After

How to set up and validate locally

Test project export using modified fixtures: 2022-08-16_16-45-709_root_go_export.tar.gz

Enable the feature flag: Feature.enable(:sec_mark_dropped_findings_as_resolved)
Run default pipeline
Confirm presence of 3 vulnerabilities on dashboard
Update .gitlab-ci.yml to reference gl-sast-report.tests-go-with-scan-primary-identifiers.json
Confirm no change in behavior (still 3 vulnerabilities on dashboard)
Update .gitlab-ci.yml to reference gl-sast-report.tests-go-with-scan-primary-identifiers-dropping-G104.json
Confirm auto-resolution of dropped identifier (2 remaining detected vulnerabilities, 1 resolved and no longer detected)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Nov 02, 2022 by Lucas Charles

feat: Include resolution comment when auto-resolving vulnerabilities

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports