Fix add/edit/delete dismissal comment for pipeline security tab

What does this MR do and why?

This MR updates the add/edit/delete dismissal comment actions on the pipeline security tab to use a GraphQL mutation instead of the vulnerability_feedback endpoint, which is going away as part of the deprecate vulnerabilities feedback work. The add/edit/delete dismissal comment feature can be done on the finding modal:

[Three screenshots of the finding modal]

How to set up and validate locally

  1. Disable the deprecate_vulnerabilities_feedback feature flag.
  2. Clone any project that has security findings, like this one: https://gitlab.com/gitlab-examples/security/security-reports
  3. Run a pipeline against any branch, then go to the pipeline security tab for that pipeline.
  4. Click on a finding to open the modal.
  5. Dismiss the finding with a comment, re-open the modal, and verify that the comment was added.
  6. Re-open the modal, edit the comment, save it, re-open the modal, and verify that the comment was edited.
  7. Re-open the modal, delete the comment, re-open the modal, and verify that the comment was removed.
  8. Enable the deprecate_vulnerabilities_feedback feature flag and repeat steps 4-8.

Feature flag off

Feature flag on

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #390073 (closed)

Edited by Daniel Tian