Integrate AutoDismissService into IngestReportsService

What does this MR do and why?

Call AutoDismissService to automatically dismiss the ingested vulnerabilities based on the vulnerability management policies.

References

Screenshots or screen recordings

[Screenshot: CleanShot_2025-12-01_at_13.37.28_2x]

How to set up and validate locally

  1. In rails console enable the feature flag
    Feature.enable(:auto_dismiss_vulnerability_policies)
  2. Create a project
  3. Create an auto-dismiss policy:
    vulnerability_management_policy:
    - name: Auto-dismiss acceptable secrets
      description: Auto-dismiss secrets
      enabled: true
      actions:
      - type: auto_dismiss
        dismissal_reason: not_applicable
      rules:
      - type: detected
        criteria:
        - type: file_path
          value: ".env"
  4. Add a .gitlab-ci.yml that includes secret detection:
    include:
    - template: Jobs/Secret-Detection.latest.gitlab-ci.yml
  5. Add two secrets on the main branch:
    1. .env:
      AWS_TOKEN=AKIAZYONPI3G4JNCCWGQ
    2. .env2:
      AWS_TOKEN=AKIAZYONPI3G4JNCCWGA
  6. Wait until the pipeline on main finishes
  7. Open the Vulnerability Report, remove the default state filter and verify that the secret from .env got dismissed and there is an activity comment stating the details.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #581379
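The validation steps above only exercise the feature end to end through a pipeline. As an added illustration of what the auto-dismiss step is expected to do with the policy from step 3, here is a small self-contained Ruby model (example code written for this page, not GitLab's AutoDismissService or its policy engine). It parses the policy YAML from step 3, applies it to two constructed findings matching the files from step 5, and dismisses only the one whose path equals ".env". The `Finding` struct, the `auto_dismiss` function, exact path comparison for the `file_path` criterion, and the wording of the activity comment are all assumptions of this example; unknown criterion types and empty criteria lists are treated as non-matching so the model fails closed.

```ruby
require 'yaml'

# Policy copied from step 3 of the MR's validation instructions.
POLICY_YAML = <<~YAML
  vulnerability_management_policy:
  - name: Auto-dismiss acceptable secrets
    description: Auto-dismiss secrets
    enabled: true
    actions:
    - type: auto_dismiss
      dismissal_reason: not_applicable
    rules:
    - type: detected
      criteria:
      - type: file_path
        value: ".env"
YAML

# Hypothetical stand-in for an ingested finding; not GitLab's Vulnerability model.
Finding = Struct.new(:id, :file_path, :state, :dismissal_reason, :activity,
                     keyword_init: true)

# A rule matches when it is a `detected` rule and every criterion matches.
# Only the `file_path` criterion from the MR is modelled, as an exact path
# comparison (assumption), so ".env2" does not match ".env". Unknown criterion
# types and an empty criteria list never match (fail closed).
def rule_matches?(rule, finding)
  return false unless rule['type'] == 'detected'
  criteria = Array(rule['criteria'])
  return false if criteria.empty?

  criteria.all? do |criterion|
    case criterion['type']
    when 'file_path' then finding.file_path == criterion['value']
    else false
    end
  end
end

# Apply every enabled policy to every still-detected finding. The first policy
# whose rules match and that carries an auto_dismiss action dismisses the
# finding and records an activity comment; returns the updated findings.
def auto_dismiss(policy_yaml, findings)
  policies = YAML.safe_load(policy_yaml).fetch('vulnerability_management_policy', [])

  findings.each do |finding|
    next unless finding.state == 'detected'

    policies.each do |policy|
      next unless policy['enabled']
      action = Array(policy['actions']).find { |a| a['type'] == 'auto_dismiss' }
      next unless action
      next unless Array(policy['rules']).any? { |rule| rule_matches?(rule, finding) }

      finding.state = 'dismissed'
      finding.dismissal_reason = action['dismissal_reason']
      finding.activity = "Dismissed automatically by policy '#{policy['name']}' " \
                         "(reason: #{action['dismissal_reason']})"
      break
    end
  end

  findings
end

# Constructed sample findings mirroring the two files from step 5.
def sample_findings
  [
    Finding.new(id: 1, file_path: '.env',  state: 'detected'),
    Finding.new(id: 2, file_path: '.env2', state: 'detected')
  ]
end

if __FILE__ == $PROGRAM_NAME
  auto_dismiss(POLICY_YAML, sample_findings).each do |f|
    puts "#{f.file_path}: #{f.state} #{f.dismissal_reason} #{f.activity}"
  end
end
```

Running the file prints the `.env` finding as dismissed with reason `not_applicable` and the `.env2` finding still detected, which is the outcome step 7 asks you to confirm in the Vulnerability Report.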
