Add pipeline id to auto-resolve note
What does this MR do and why?
We currently show the id of the pipeline that causes a vulnerability to transition back to detected, but don't do the same when a vulnerability transitions to resolved. This MR adds the pipeline ID to the resolved note to help users troubleshoot vulnerabilities that are flapping (switching back and forth between resolved and detected). This will let users compare the two pipelines to see if scan results or scan configuration are causing the behavior.
References
Relates to: Show pipeline ID in the auto-resolve note (#566392 - closed)
Screenshots or screen recordings
How to set up and validate locally
- Acquire a project with vulnerabilities
- Configure a vulnerability management policy
- Fix one of the vulnerabilities
- Go to the vulnerability details page
- History should contain a note with the id of the pipeline that resolved the vulnerability.
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Brian Williams