
Resolve no longer found vulnerabilities

Serena Fang requested to merge resolve-no-longer-found-vuln-and-close-issue into master

What does this MR do?

When a vulnerability is no longer detected in the default branch, it should be marked as resolved. If the resolved vulnerability has an issue linked to it, the issue should also be closed. This MR adds this functionality to the security-triage-automation script:

  • --resolve-and-close / -x finds vulnerabilities that are no longer detected in the default branch and marks them as 'Resolved'. If the resolved vulnerability has a linked issue, it also closes the issue.
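The rule the flag implements, as an added example on constructed data rather than the script's own code: a vulnerability still in the 'detected' state whose id no longer appears among the findings of the latest default-branch scan is marked resolved, and its linked issue (if any) is closed. `RecordingClient` is a hypothetical stand-in for the GitLab API calls the real script makes.

```ruby
require 'set'

# Minimal model of a vulnerability record (constructed; not the API schema).
Vulnerability = Struct.new(:id, :state, :issue_iid, keyword_init: true)

# Vulnerabilities in 'detected' state whose id is absent from the set of
# findings present in the latest default-branch scan are stale. Records that
# are already resolved, or still detected, are left untouched.
def stale_vulnerabilities(vulnerabilities, still_detected_ids)
  vulnerabilities.select do |v|
    v.state == 'detected' && !still_detected_ids.include?(v.id)
  end
end

# Mark each stale vulnerability resolved and close its linked issue, if any.
# Returns one action record per vulnerability so the run can be audited.
def resolve_and_close(vulnerabilities, still_detected_ids, client)
  stale_vulnerabilities(vulnerabilities, still_detected_ids).map do |v|
    client.resolve_vulnerability(v.id)
    client.close_issue(v.issue_iid) if v.issue_iid
    { vulnerability: v.id, resolved: true, issue_closed: !v.issue_iid.nil? }
  end
end

# Hypothetical in-memory API client that only records what it was asked to do.
class RecordingClient
  attr_reader :resolved, :closed

  def initialize
    @resolved = []
    @closed = []
  end

  def resolve_vulnerability(id)
    @resolved << id
  end

  def close_issue(iid)
    @closed << iid
  end
end

# Constructed sample: two stale findings (one with an issue), one still
# detected, one already resolved.
SAMPLE_VULNS = [
  Vulnerability.new(id: 1001, state: 'detected', issue_iid: 7),
  Vulnerability.new(id: 1002, state: 'detected', issue_iid: nil),
  Vulnerability.new(id: 1003, state: 'detected', issue_iid: 8),
  Vulnerability.new(id: 1004, state: 'resolved', issue_iid: 9)
].freeze
STILL_DETECTED = Set[1003, 1004].freeze

def demo
  client = RecordingClient.new
  actions = resolve_and_close(SAMPLE_VULNS, STILL_DETECTED, client)
  [actions, client]
end
```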

Testing

Follow the script setup instructions, then pick a test vulnerability that is resolved in master and has a linked issue. I used this one: https://gitlab.com/serenafang/secrets/-/security/vulnerabilities/84158306

./main.rb -p serenafang/secrets -i serenafang/secrets vulnerability=84158306 --resolve-and-close

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab/-/issues/384486

Edited by Serena Fang
