Adds automation to create appsec issue
What does this MR do and why?
Introduces classes, CI and rake task to automatically create the AppSec issue during the initial steps of a patch release:
- The AppSec template was taken from `scripts/checklist_utils.rb` in the security-release-tools repository (https://gitlab.com/gitlab-com/gl-security/product-security/appsec/tooling/security-release-tools/-/blob/master/scripts/checklist_utils.rb?ref_type=heads).
- The CVES finder was refactored to also return the canonical issue associated with the security issue.
- Specs and manual tests were performed.

Related to gitlab-com/gl-infra/delivery#19984 (closed)
Testing
- ✅ A dry-run issue was successfully executed. I'm intentionally not putting the output since it contains actual security fixes.
- ✅ A test issue was created. The code was modified to prevent AppSec release managers assignation: https://gitlab.com/gitlab-org/gitlab/-/issues/466284
- ✅ Pipeline created: https://gitlab.com/gitlab-org/release-tools/-/pipelines/1323479986
Author Check-list
- [-] Has documentation been updated?
Edited by Mayra Cabrera