Integrate standalone finding modal with MR widget
What does this MR do and why?
Relates to #413516 (closed)
This MR introduces a feature flag `standalone_finding_modal_merge_request_widget` which, if enabled, shows the new standalone finding modal when clicking on a finding on the merge request security reports widget. This standalone finding modal can already be found when clicking a finding in the pipeline security tab.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
before | after |
How to set up and validate locally
Prerequisites
- You need an EE license
- You need to have runners enabled (See $2408961 for setting up a runner)
- Import https://gitlab.com/gitlab-examples/security/security-reports
- Enable feature flag:
  ```shell
  echo "Feature.enable(:standalone_finding_modal_merge_request_widget)" | rails c
  ```
- Edit the `.gitlab-ci.yml` file and comment out one or more of the scanners:
  ```yaml
  # container-scanning:
  #   script:
  #     - echo NOOP
  #   artifacts:
  #     reports:
  #       container_scanning: samples/container-scanning.json
  ```
- Save file, do this directly on main
- Edit file again, uncomment the commented scanner and create a merge request (this should make sure findings pop up in the merge request)
Validate
- Go to the merge request you just created
- Expand the security scanning widget
- Click on a finding and validate that this opens the new standalone finding modal. You can validate this by checking that clicking the "Dismiss vulnerability" button opens an edit section to provide a dismissal reason and comment.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Lorenz van Herwaarden