
Exclude secret_detection findings from autoresolution

What does this MR do and why?

Secret Detection findings should be treated as distinct from other finding types: once a secret is removed from a branch's HEAD, that does not guarantee it is safe, because it remains present in the git history. Such findings therefore require manual resolution, such as rotation of the leaked token.

Relates to #223248 (closed)

Screenshots or screen recordings

Before: Screen_Shot_2021-09-29_at_4.19.16_PM / After: Screen_Shot_2021-09-29_at_4.16.12_PM (screenshots not reproduced here)

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Import project: 2021-09-29_16-11-646_root_secret-resolution-test_export.tar.gz
  2. Run pipeline
  3. Note Project's "Vulnerability Report" includes one vulnerability
  4. Open MR removing finding from README.md
  5. Note MR widget no longer shows finding as "fixed"
  6. Merge MR, allow pipeline to finish
  7. Note Project's "Vulnerability Report" still lists vulnerability as unresolved
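As an added illustration of the rule this MR describes (not GitLab's own code; the `Finding` struct, the constant and the function name are assumptions for the example), a minimal model of autoresolution that skips `secret_detection` findings even when the latest scan no longer reports them:

```ruby
require 'set'

# Added illustration, not GitLab's code: a minimal model of vulnerability
# autoresolution that excludes secret_detection findings. The Finding struct
# and the names below are assumptions made for this example.
Finding = Struct.new(:uuid, :report_type, :state, keyword_init: true)

# Report types whose findings must never be auto-resolved: a secret removed
# from HEAD is still recoverable from git history, so it needs manual
# remediation (for example, rotating the leaked token).
NON_AUTORESOLVABLE_REPORT_TYPES = %w[secret_detection].freeze

# Given the findings recorded from the previous pipeline and the findings
# reported by the latest pipeline, return the UUIDs that the latest scan no
# longer reports and that are safe to mark as resolved automatically.
def autoresolvable_uuids(existing_findings, latest_findings)
  still_present = latest_findings.map(&:uuid).to_set
  existing_findings
    .reject { |f| still_present.include?(f.uuid) }
    .reject { |f| NON_AUTORESOLVABLE_REPORT_TYPES.include?(f.report_type) }
    .map(&:uuid)
end

# Constructed sample data: one SAST finding and one leaked token, neither of
# which appears in the latest scan (mirrors the README.md removal above).
EXISTING = [
  Finding.new(uuid: 'sast-1', report_type: 'sast', state: 'detected'),
  Finding.new(uuid: 'secret-1', report_type: 'secret_detection', state: 'detected')
].freeze
LATEST = [].freeze

if __FILE__ == $PROGRAM_NAME
  # Only the SAST finding is auto-resolved; the secret stays "detected".
  puts autoresolvable_uuids(EXISTING, LATEST).inspect # => ["sast-1"]
end
```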

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Lucas Charles
