Draft: Show an icon in MR widget for findings matched by auto-dismiss policy

What does this MR do and why?

When findings are going to be auto-dismissed by a policy, we want to show an icon for these findings in the MR security widget.

References

Screenshots or screen recordings

Before: [screenshot CleanShot_2025-12-11_at_09.46.04_2x] / After: [screenshot CleanShot_2025-12-11_at_10.03.10_2x]

How to set up and validate locally

  1. Enable the feature flag auto_dismiss_vulnerability_policies
  2. Create a project
  3. Create an auto-dismiss policy:

       vulnerability_management_policy:
       - name: Auto-dismiss acceptable secrets
         description: Auto-dismiss secrets
         enabled: true
         actions:
         - type: auto_dismiss
           dismissal_reason: not_applicable
         rules:
         - type: detected
           criteria:
           - type: file_path
             value: ".env"

  4. Add a .gitlab-ci.yml with secret detection:

       include:
       - template: Jobs/Secret-Detection.latest.gitlab-ci.yml

  5. Add two secrets in a new MR:
     1. .env:
          AWS_TOKEN=AKIAZYONPI3G4JNCCWGQ
     2. .env2:
          AWS_TOKEN=AKIAZYONPI3G4JNCCWGA
  6. Wait for the pipeline to finish
  7. Expand the detected findings in the MR security widget and verify that the matched finding shows an icon with a popover, while the other one does not.
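To make the expected result of the steps above concrete, here is an added illustration (not GitLab's own policy engine) of how the policy from step 3 selects findings: the `.env` finding matches the `file_path` criterion and would be auto-dismissed with reason `not_applicable`, while `.env2` is left alone. It assumes the `file_path` value is compared as a glob against the finding's path; the finding records and the `matched_findings` helper are constructed for this example.

```ruby
require 'yaml'

# The auto-dismiss policy from step 3 above, embedded verbatim.
POLICY_YAML = <<~YAML
  vulnerability_management_policy:
  - name: Auto-dismiss acceptable secrets
    description: Auto-dismiss secrets
    enabled: true
    actions:
    - type: auto_dismiss
      dismissal_reason: not_applicable
    rules:
    - type: detected
      criteria:
      - type: file_path
        value: ".env"
YAML

# Constructed sample findings mirroring the two secrets added in step 5.
FINDINGS = [
  { 'id' => 1, 'name' => 'AWS token', 'file_path' => '.env' },
  { 'id' => 2, 'name' => 'AWS token', 'file_path' => '.env2' },
].freeze

# Assumption: a file_path criterion is a glob matched against the path,
# so ".env" matches only ".env" and not ".env2".
def criterion_matches?(criterion, finding)
  case criterion['type']
  when 'file_path' then File.fnmatch?(criterion['value'], finding['file_path'].to_s)
  else false # unknown criterion types never match
  end
end

# Dismissal reason from the first enabled policy whose "detected" rule
# has every criterion satisfied by the finding; nil if none matches.
def auto_dismiss_reason(policies, finding)
  policies.each do |policy|
    next unless policy['enabled']
    dismiss = policy['actions'].find { |a| a['type'] == 'auto_dismiss' }
    next unless dismiss
    matched = policy['rules'].any? do |rule|
      rule['type'] == 'detected' && rule['criteria'].all? { |c| criterion_matches?(c, finding) }
    end
    return dismiss['dismissal_reason'] if matched
  end
  nil
end

# Map each finding's path to its auto-dismiss reason (nil = keep, no icon).
def matched_findings(policy_yaml = POLICY_YAML, findings = FINDINGS)
  policies = YAML.safe_load(policy_yaml).fetch('vulnerability_management_policy')
  findings.to_h { |f| [f['file_path'], auto_dismiss_reason(policies, f)] }
end
```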

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #577883

Edited by Martin Cavoj
