
Add dismissal type reason to vulnerability status-comment

What does this MR do and why?

The dismissal reason should be recorded with a vulnerability when it is dismissed and shown in the system-note audit trail. This MR updates every place where a vulnerability's state changes so that the dismissal reason is stored in the state transition record and surfaced in the system note, giving the note more detail.

Screenshots or screen recordings

[Screen recording: dismissal_reason_verification]

[Screenshot: Screenshot_2023-03-23_at_11.34.11]

How to set up and validate locally

  1. Configure a project with working vulnerability scanning pipelines and run them.
  2. Choose a vulnerability to test with.
  3. In the Rails console, run `Vulnerabilities::DismissService.new(User.first, Vulnerability.find(<chosen vuln id>), "yes", :acceptable_risk).execute` (the third argument is the dismissal comment, the fourth the dismissal reason).
  4. Validate that the vulnerability now has a system note similar to "@root changed vulnerability status to Dismissed: Acceptable Risk just now", matching the parameters you chose.
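To make the expected behaviour concrete, the following is an added example (not code from this MR or from GitLab) that models a state transition carrying a dismissal reason and builds the system-note text from it. The struct, the state list, the reason list and the function names are assumptions made for the example; the reason is only accepted when the target state is dismissed, and the "just now" suffix rendered by the UI is left out.

```ruby
# Added example, not GitLab code. Models a vulnerability state transition
# that carries a dismissal reason and renders the system-note text for it.
# The state and reason lists below are assumptions for this example.
require 'set'

STATES = %i[detected confirmed resolved dismissed].to_set.freeze
DISMISSAL_REASONS = %i[acceptable_risk false_positive mitigating_control
                       used_in_tests not_applicable].to_set.freeze

# Hypothetical transition record: who changed the state, from what, to what,
# with an optional comment and an optional dismissal reason.
StateTransition = Struct.new(:author, :from_state, :to_state, :comment,
                             :dismissal_reason, keyword_init: true)

class InvalidTransition < StandardError; end

# Validates and builds a transition. A dismissal reason is only meaningful
# when the new state is :dismissed; anything else is rejected so the audit
# trail never records a reason for a non-dismissal change.
def build_transition(author:, from_state:, to_state:, comment: nil, dismissal_reason: nil)
  raise InvalidTransition, "unknown state #{to_state}" unless STATES.include?(to_state)

  if to_state == :dismissed
    if dismissal_reason && !DISMISSAL_REASONS.include?(dismissal_reason)
      raise InvalidTransition, "unknown dismissal reason #{dismissal_reason}"
    end
  elsif dismissal_reason
    raise InvalidTransition, 'dismissal_reason is only valid when dismissing'
  end

  StateTransition.new(author: author, from_state: from_state, to_state: to_state,
                      comment: comment, dismissal_reason: dismissal_reason)
end

# :acceptable_risk -> "Acceptable Risk"
def humanize(sym)
  sym.to_s.split('_').map(&:capitalize).join(' ')
end

# Renders the note body; the reason is appended only when one was recorded.
def system_note_text(transition)
  status = humanize(transition.to_state)
  status += ": #{humanize(transition.dismissal_reason)}" if transition.dismissal_reason
  "@#{transition.author} changed vulnerability status to #{status}"
end

if __FILE__ == $PROGRAM_NAME
  t = build_transition(author: 'root', from_state: :detected, to_state: :dismissed,
                       comment: 'yes', dismissal_reason: :acceptable_risk)
  puts system_note_text(t)
end
```

Running the file prints the note text for the dismissal in step 3 of the validation procedure, and a transition to any other state with a reason attached raises `InvalidTransition`.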

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #392437 (closed)

Edited by Zamir Martins
