Handle dismiss finding logic
What does this MR do and why?
Handles logic for dismissing a vulnerability.
Screenshots or screen recordings
How to set up and validate locally
Requirements:
- You'll need an EE License
- You'll need to have runners enabled (See $2408961 for setting up a runner)
- Enable :refactor_security_extension to turn this feature on.
echo "Feature.enable(:refactor_security_extension)" | rails c
Steps:
- Import https://gitlab.com/gitlab-examples/security/security-reports
- Create a new MR by modifying a file
- Toggle security reports
- Click on a finding name
- Dismiss the vulnerability from the modal
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #386012 (closed)
Merge request reports
Activity
changed milestone to %Backlog
assigned to @svedova
1 Warning featureaddition and featureenhancement merge requests normally have a documentation change. Consider adding a documentation update or confirming the documentation plan with the Technical Writer counterpart.
For more information, see:
- The Handbook page on merge request types.
- The definition of done documentation.
1 Message CHANGELOG missing: If you want to create a changelog entry for GitLab FOSS, add the Changelog trailer to the commit message you want to add to the changelog. If you want to create a changelog entry for GitLab EE, also add the EE: true trailer to your commit message. If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.
Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
Category: frontend
Reviewer: Axel García (@agarciatesares) (UTC-3, 4 hours behind @svedova)
Maintainer: Coung Ngo (@cngo) (UTC+0, 1 hour behind @svedova)
To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
Bundle size analysis [beta]
This compares changes in bundle size for entry points between the commits 182d7640 and 27d11772
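Special assets
+-------------------+-------------+------------+------+-----------------+
| Entrypoint / Name | Size before | Size after | Diff | Diff in percent |
+-------------------+-------------+------------+------+-----------------+
| average           | 3.54 MB     | 3.54 MB    | -    | 0.0 %           |
| mainChunk         | 1.95 MB     | 1.95 MB    | -    | 0.0 %           |
+-------------------+-------------+------------+------+-----------------+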
Note: We do not have exact data for 182d7640. So we have used data from: 06b6b2a9.
The intended commit has no webpack pipeline, so we chose the last commit with one before it.
Please look at the full report for more details.
Read more about how this report works.
Generated by Danger
Allure report
allure-report-publisher generated test report!
e2e-review-qa: test report for 27d11772
+-----------------------------------------------------------------------+
|                            suites summary                             |
+------------------+--------+--------+---------+-------+-------+--------+
|                  | passed | failed | skipped | flaky | total | result |
+------------------+--------+--------+---------+-------+-------+--------+
| Create           | 28     | 0      | 1       | 0     | 29    | ✅     |
| Plan             | 49     | 0      | 1       | 0     | 50    | ✅     |
| Manage           | 34     | 0      | 3       | 1     | 37    | ❗     |
| Verify           | 12     | 0      | 1       | 0     | 13    | ✅     |
| Govern           | 24     | 0      | 5       | 0     | 29    | ✅     |
| Framework sanity | 9      | 0      | 1       | 0     | 10    | ✅     |
| Package          | 0      | 0      | 1       | 0     | 1     | ➖     |
+------------------+--------+--------+---------+-------+-------+--------+
| Total            | 156    | 0      | 13      | 1     | 169   | ❗     |
+------------------+--------+--------+---------+-------+-------+--------+
marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed
- Resolved by Savas Vedova
@sming-gitlab can you please review this MR as well?
requested review from @sming-gitlab
mentioned in issue #386012 (closed)
- Resolved by Alexander Turinske
added 107 commits
- 94f82e73...dc871d72 - 106 commits from branch master
- da04df43 - Handle dismiss finding logic
- Resolved by Alexander Turinske
removed review request for @sming-gitlab
@sming-gitlab, thanks for approving this merge request.
This is the first time the merge request is approved. To ensure full test coverage, a new pipeline will be started shortly.
For more info, please refer to the following links:
added pipeline:mr-approved label
- Resolved by Savas Vedova
@aturinske can you please maintainerize this one? Please let me know if you need assistance to test this locally
requested review from @aturinske
enabled an automatic merge when the pipeline for cb01e3c3 succeeds
added 293 commits
- da04df43...7abed858 - 292 commits from branch master
- a3f20db5 - Handle dismiss finding logic
enabled an automatic merge when the pipeline for f4af0b71 succeeds
enabled an automatic merge when the pipeline for d232f3ae succeeds
Hi @svedova,
Please note that authors are not authorized to merge their own merge requests and need to seek another maintainer to merge.
For more information please refer to:
This message was generated automatically. You're welcome to improve it.
added self-merge label
mentioned in commit ea4660ce
added workflowstaging-canary label and removed workflowrefinement label
added workflowcanary label and removed workflowstaging-canary label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
mentioned in issue #378353 (closed)
added workflowpost-deploy-db-staging label and removed workflowproduction label
added workflowpost-deploy-db-production label and removed workflowpost-deploy-db-staging label
added releasedcandidate label
added releasedpublished label and removed releasedcandidate label