Notifies AppSec about security issue creation
What does this MR do and why?
- Notifies AppSec about security issue creation
AppSec wants to be notified when the security tasks issues are created.
The Slack::Security::AppSecNotifier
logic was expanded to notify
AppSec about the AppSec Task Issue and the Security Comms issue
creation, aside from the blog post notification. Using this logic, the
Security::Prepare::IssueCreator
was updated to call the
AppSecNotfifier
class.
Related to https://gitlab.com/gitlab-com/gl-infra/delivery/-/issues/19983 and gitlab-com/gl-infra/delivery#19984 (closed).
Testing
[1] pry(main)> Struct.new('Issuable', :url)
[4] pry(main)> blog_post = Struct::Issuable.new(url: 'http://foo')
=> #<struct Struct::Issuable url="http://foo">
[5] pry(main)> ReleaseTools::Slack::Security::AppSecNotifier.new(issuable: blog_post, issue_type: 'patch_blog_post').send_notification
2024-06-19 16:21:46.965993 I ReleaseTools::Slack::Security::AppSecNotifier -- Posting a message in the AppSec slack channel -- {:issuable=>"http://foo", :issue_type=>"patch_blog_post"}
[6] pry(main)> appsec_task = Struct::Issuable.new(url: 'http://foo')
=> #<struct Struct::Issuable url="http://foo">
[7] pry(main)> ReleaseTools::Slack::Security::AppSecNotifier.new(issuable: appsec_task, issue_type: 'appsec_task_issue').send_notification
2024-06-19 16:22:41.930099 I ReleaseTools::Slack::Security::AppSecNotifier -- Posting a message in the AppSec slack channel -- {:issuable=>"http://foo", :issue_type=>"appsec_task_issue"}
[8] pry(main)> comms_issue = Struct::Issuable.new(url: 'http://foo')
=> #<struct Struct::Issuable url="http://foo">
[9] pry(main)> ReleaseTools::Slack::Security::AppSecNotifier.new(issuable: comms_issue, issue_type: 'comms_security_task_issue').send_notification
2024-06-19 16:23:32.900777 I ReleaseTools::Slack::Security::AppSecNotifier -- Posting a message in the AppSec slack channel -- {:issuable=>"http://foo", :issue_type=>"comms_security_task_issue"}
Slack notifications
Blog post | AppSec task issue | Comms issue |
---|---|---|
![]() |
![]() |
![]() |
Author Check-list
- [-] Has documentation been updated?
Edited by Mayra Cabrera