Update SAST auto-resolution comment to include link with more context

What does this MR do and why?

This merge request updates the vulnerability auto-resolution comment to include a documentation link with more context.

Please note: I disabled the GitLab/DocUrl rubocop for this method because the comment is saved as a System Note (see screenshots below), and therefore HTML tags (e.g. <a href=""></a>) are escaped and not displayed. I don't mind using the help_page_url helper in principle, but for the use case here, we want to make sure to refer users to our own documentation and not the documentation on their GitLab instance.

Resolves #417087 (closed).

Screenshots or screen recordings

Before: Screenshot_2023-09-01_at_1.37.24_AM
After: Screenshot_2023-09-01_at_1.36.28_AM

How to set up and validate locally

To validate locally, please do the following:

  • Create a new project or use an existing one.
  • Add some vulnerable code to your project. Check here for some examples.
  • Add a .gitlab-ci.yml file, and include the SAST CI template.
  • Run a new pipeline after all code changes above are done. Some vulnerabilities should show up in the Vulnerability Report.
  • Disable one of the predefined rules for semgrep by adding a .gitlab/sast-ruleset.toml file.
  • Make sure the rule you disable matches, in type and value, a vulnerability in the Vulnerability Report (check the identifier column).
  • Run a new pipeline after committing the .gitlab/sast-ruleset.toml file.
  • Validate that the vulnerability was resolved with the correct comment body.
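The ruleset file used in the steps above, as an added example that is not part of this MR; the identifier type and value are a constructed placeholder and must be replaced with the identifier shown for a finding in your Vulnerability Report:

```toml
# .gitlab/sast-ruleset.toml (added example, not from this MR)
# Disables one predefined semgrep rule so that the matching finding is
# auto-resolved (with the updated comment) on the next pipeline run.
[semgrep]
  [[semgrep.ruleset]]
    disable = true
    [semgrep.ruleset.identifier]
      # Constructed placeholder: copy type and value from the identifier
      # column of the finding you expect to be auto-resolved.
      type = "CWE"
      value = "79"
```

Pair it with `include: - template: Jobs/SAST.gitlab-ci.yml` in .gitlab-ci.yml so the semgrep analyzer runs on each pipeline.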

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Ahmed Hemdan
