Notifies AppSec about security issue creation

Mayra Cabrera requested to merge notify-appsec-of-issue-creation into master

What does this MR do and why?

  • Notifies AppSec about security issue creation

AppSec wants to be notified when the security task issues are created. The Slack::Security::AppSecNotifier logic was expanded to notify AppSec about the AppSec Task Issue and the Security Comms issue creation, aside from the blog post notification. Using this logic, the Security::Prepare::IssueCreator was updated to call the AppSecNotifier class.

Related to https://gitlab.com/gitlab-com/gl-infra/delivery/-/issues/19983 and gitlab-com/gl-infra/delivery#19984 (closed).

Testing

[1] pry(main)> Struct.new('Issuable', :url)

[4] pry(main)> blog_post = Struct::Issuable.new(url: 'http://foo')
=> #<struct Struct::Issuable url="http://foo">
[5] pry(main)> ReleaseTools::Slack::Security::AppSecNotifier.new(issuable: blog_post, issue_type: 'patch_blog_post').send_notification
2024-06-19 16:21:46.965993 I ReleaseTools::Slack::Security::AppSecNotifier -- Posting a message in the AppSec slack channel -- {:issuable=>"http://foo", :issue_type=>"patch_blog_post"}

[6] pry(main)> appsec_task = Struct::Issuable.new(url: 'http://foo')
=> #<struct Struct::Issuable url="http://foo">
[7] pry(main)> ReleaseTools::Slack::Security::AppSecNotifier.new(issuable: appsec_task, issue_type: 'appsec_task_issue').send_notification
2024-06-19 16:22:41.930099 I ReleaseTools::Slack::Security::AppSecNotifier -- Posting a message in the AppSec slack channel -- {:issuable=>"http://foo", :issue_type=>"appsec_task_issue"}

[8] pry(main)> comms_issue = Struct::Issuable.new(url: 'http://foo')
=> #<struct Struct::Issuable url="http://foo">
[9] pry(main)> ReleaseTools::Slack::Security::AppSecNotifier.new(issuable: comms_issue, issue_type: 'comms_security_task_issue').send_notification
2024-06-19 16:23:32.900777 I ReleaseTools::Slack::Security::AppSecNotifier -- Posting a message in the AppSec slack channel -- {:issuable=>"http://foo", :issue_type=>"comms_security_task_issue"}

Slack notifications

Screenshots (images not preserved), one per notification type: Blog post, AppSec task issue, Comms issue.

Author Check-list

  • [-] Has documentation been updated?
Edited by Mayra Cabrera
