Add `Dismissal Reason` to the vulnerability csv report (!140664) · Merge requests · GitLab.org / GitLab

Michael Becker requested to merge 434076-vulnerability-report-add-dismissal-reason-column-to-csv-export into master Dec 27, 2023

What does this MR do and why?

The epic for adding Dismissal Reasons to vulnerabilities is complete.

We want to include these dismissal reasons in the CSV report to make it easier for customers to ingest this data into their own systems.

resolves: #434076 (closed)

Changelog: changed
EE: true

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

CSV Reports

With no dismissed vulnerabilities: no-dismissals.csv
With a dismissal of each type: all-dismissals.csv
With un-dismissed vulnerabilities:

How to set up and validate locally

prerequisites

an EE enabled local instance
a project with vulnerabilites
- you can import the webgoat demo and run the pipeline

steps

go to the vulnerability report for a project or group that has vulnerabilities
- e.g. http://gdk.test:3000/gitlab-org/webgoat.net/-/security/vulnerability_report/?state=DETECTED
dismiss several vulnerabilities with whatever dismissal reason
export the vulnerability report
you should see your dismissal reasons populated in the relevant rows/columns in the csv
go back to the dashboard and un-dismiss the vulnerabilities
- e.g. http://gdk.test:3000/gitlab-org/webgoat.net/-/security/vulnerability_report/?state=DISMISSED
export the report again
you should see the previously populated dismissal reasons now blank

Related to #434076 (closed)

Edited Jan 02, 2024 by Michael Becker

Add `Dismissal Reason` to the vulnerability csv report