Call false positive detection worker for vulnerability from execute_hooks method

What does this MR do and why?

Currently, the worker TriggerFalsePositiveDetectionWorkflowWorker, which triggers the workflow for detecting false positives for SAST vulnerabilities, was triggered from the after_create_commit callback in the model. However, when vulnerabilities are generated by scanners in pipelines, the callbacks are triggered separately by the execute_hooks method in the Vulnerability model.

The worker was not getting triggered in the case of scanner-generated vulnerabilities.

In this MR, we are calling the callback method for the worker from the execute_hooks method.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/569264

Screenshots or screen recordings

Refer to https://youtu.be/TIB_z5tL1Pg

How to set up and validate locally

You can also refer to https://youtu.be/TIB_z5tL1Pg for the steps.

  1. You need to have a group with an Ultimate license.
  2. Enable the feature flag enable_vulnerability_fp_detection for the group or the instance.
  3. Clone the project present at https://gitlab.com/compliance-group-testing-and-demos/team-testing-subgroup/hraghuvanshi/sast-fp-detection-smallset.
  4. Now, when you push the project to the repository, the pipeline will get triggered and you need to wait for 2 minutes.
  5. Then visit the Automate -> Agent Sessions tab from the left sidebar of the project to view the agent sessions being generated; the SAST FP workflows will be triggered by them.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #569264

Edited by Hitesh Raghuvanshi
