Add reusable TokenValidityBadge component
What does this MR do and why?
Add reusable TokenValidityBadge component
This commit adds a new reusable component for displaying the validity status of secret tokens found in vulnerabilities. The component shows different colored badges based on the token's status (active, inactive, or unknown).
- Create TokenValidityBadge in shared security reports
- Implement status-based styling and labeling
- Support three states: active, inactive, and unknown
- Use GitLab UI label component for consistent styling
Changelog: added
EE: true
References
addresses [Follow-up] Create validity-check-badge Compone... (#537760 - closed) • Radu Birsan • 18.0
Screenshots or screen recordings
How to set up and validate locally
- Go to Secure > Security Configuration for a project and enable Pipeline Secret Detection.
- Create or add a secret like glpat-00000000000000000000 anywhere inside the project and trigger a pipeline so that an entry gets generated in Secure > Vulnerability Report.
- Navigate to the Vulnerability Finding Page you just generated and note the id at the top of the URL. In rails console, run the following to find the vulnerability_occurrence_id:
  Vulnerability.find(<id>).finding.id
- In rails console, enable the feature flag:
  Feature.enable(:validity_checks)
- In rails console, create a vulnerability finding token status:
  Vulnerabilities::FindingTokenStatus.create(vulnerability_occurrence_id: <vulnerability_occurrence_id>, status: "active")
- Refresh the finding page and you should see the badge now.
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
