Fix description template when NVD severity differs (!52) · Merge requests · GitLab.org / Secure Stage / tools / Security triage automation

Arpit Gogia requested to merge fix-description-template into master Apr 02, 2024

What does this MR do?

When NVD's severity differs from the severity in the security report, a markdown list is added to the description to show the comparison. The two subsequent commands (on line 29 and 30) might be getting misinterpreted by the markdown parser and not getting applied. These commands apply the label "nvd_severity_differs" and /confidential to the issue.

Example issues where this has happened: https://gitlab.com/gitlab-org/gitlab/-/issues/?sort=due_date_desc&state=opened&label_name%5B%5D=security_auto_triage&label_name%5B%5D=section%3A%3Asec&in=DESCRIPTION&search=nvd_severity_differs&first_page_size=100

Relevant Slack Discussion: https://gitlab.slack.com/archives/C8S0HHM44/p1711973990457489

Solution

Add blank lines around the label command to ensure it is parsed correctly
Remove /confidential command use the confidential parameter in the CreateIssueMutation

Does this MR meet the acceptance criteria?

Changelog entry added
Documentation created/updated for GitLab EE, if necessary
Documentation created/updated for this project, if necessary
Documentation reviewed by technical writer or follow-up review issue created
Tests added for this feature/bug

Edited Apr 02, 2024 by Arpit Gogia

Fix description template when NVD severity differs

What does this MR do?

Solution

Does this MR meet the acceptance criteria?

Merge request reports