Validate vulnerability_age for presence of previously existing states
What does this MR do and why?
This MR adds validation for `vulnerability_age` and checks for presence of previously existing `vulnerability_states`.
It's based on the requirement in the epic &6826 (closed):
Age of vulnerability can only be selected when creating a policy based on previously detected vulnerabilities.
Screenshots or screen recordings
How to set up and validate locally
- Create a new scan result policy
- Switch to the `.yaml mode` and use the following YAML:

  ```yaml
  type: scan_result_policy
  name: Age
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states:
        - new_needs_triage
      branch_type: protected
      vulnerability_age:
        operator: greater_than
        value: 2
        interval: week
  actions:
    - type: require_approval
      approvals_required: 1
      user_approvers_ids:
        - 1 # Replace with an existing user ID
  ```
- Click configure with merge request
- Verify that the error "Vulnerability age requires previously existing vulnerability states" appears
- Add/change `vulnerability_states` to include `detected`
- There should be no error
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #397086 (closed)
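
The rule this MR validates can also be checked offline against a policy file before it is committed. The following is an added example, not the MR's or GitLab's own implementation: the helper names and the list of previously existing states other than `detected` are assumptions, and the sample policy is constructed from the YAML in the steps above.

```ruby
require 'yaml'

# Assumption: states describing vulnerabilities that already exist.
# Only `detected` is named in the MR description above.
PREVIOUSLY_EXISTING_STATES = %w[detected confirmed resolved dismissed].freeze
AGE_ERROR = 'Vulnerability age requires previously existing vulnerability states'

# Returns one error string per offending scan_finding rule (empty when valid).
# A missing or empty vulnerability_states list counts as having no
# previously existing state (assumption of this example).
def vulnerability_age_errors(policy_yaml)
  policy = YAML.safe_load(policy_yaml)
  policy = {} unless policy.is_a?(Hash)
  Array(policy['rules']).each_with_index.filter_map do |rule, index|
    next unless rule.is_a?(Hash) && rule['type'] == 'scan_finding'
    age = rule['vulnerability_age']
    next if age.nil? || age == {}
    states = Array(rule['vulnerability_states']).map(&:to_s)
    next if (states & PREVIOUSLY_EXISTING_STATES).any?
    "rules[#{index}]: #{AGE_ERROR}"
  end
end

# Constructed sample input: the policy from the steps above, with the
# vulnerability_states list supplied by the caller.
def sample_policy(states)
  <<~YAML
    type: scan_result_policy
    name: Age
    description: ''
    enabled: true
    rules:
      - type: scan_finding
        scanners: []
        vulnerabilities_allowed: 0
        severity_levels: []
        vulnerability_states: #{states.inspect}
        branch_type: protected
        vulnerability_age:
          operator: greater_than
          value: 2
          interval: week
  YAML
end

if __FILE__ == $PROGRAM_NAME
  p vulnerability_age_errors(sample_policy(%w[new_needs_triage]))
  p vulnerability_age_errors(sample_policy(%w[new_needs_triage detected]))
end
```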