Adds automation to create appsec issue (!3179) · Merge requests · GitLab.org / release-tools

Mayra Cabrera requested to merge create-appsec-issue into master Jun 06, 2024

What does this MR do and why?

Adds automation to create appsec issue

Introduces classes, CI and rake task to automatically create the AppSec issue during the initial steps of a patch release:

The AppSec template was taken from the scripts/checklist_utils.rb on from the security-release-tools repository (https://gitlab.com/gitlab-com/gl-security/product-security/appsec/tooling/security-release-tools/-/blob/master/scripts/checklist_utils.rb?ref_type=heads).
The CVES finder was refactored to also return the canonical issue associated with the security issue
Specs and manual tests were performed. Related to gitlab-com/gl-infra/delivery#19984 (closed)

✅ A dry-run issue was successfully executed. I'm intentionally not putting the output since it contains actual security fixes
✅ A test issue was created. The code was modified to prevent AppSec release managers assignation https://gitlab.com/gitlab-org/gitlab/-/issues/466284
✅ Pipeline created https://gitlab.com/gitlab-org/release-tools/-/pipelines/1323479986

Edited Jun 07, 2024 by Mayra Cabrera