Fix description template when NVD severity differs
What does this MR do?
When NVD's severity differs from the severity in the security report, a markdown list is added to the description to show the comparison. The two subsequent commands (on lines 29 and 30) might be getting misinterpreted by the markdown parser and not getting applied. These commands apply the label "nvd_severity_differs" and `/confidential` to the issue.
Example issues where this has happened: https://gitlab.com/gitlab-org/gitlab/-/issues/?sort=due_date_desc&state=opened&label_name%5B%5D=security_auto_triage&label_name%5B%5D=section%3A%3Asec&in=DESCRIPTION&search=nvd_severity_differs&first_page_size=100
Relevant Slack Discussion: https://gitlab.slack.com/archives/C8S0HHM44/p1711973990457489
Solution
- Add blank lines around the label command to ensure it is parsed correctly
- Remove the `/confidential` command and use the `confidential` parameter in the `CreateIssueMutation`
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
Edited by Arpit Gogia
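The two-part fix described above, as an added Python example that is not code from this MR or its project: the label quick action is rendered as its own blank-line-delimited block, a lint check flags quick actions that sit directly against other text, and confidentiality is set through the API input rather than a quick action. The template wording and all function names are hypothetical; the `projectPath`, `title`, `description` and `confidential` fields are those of GitLab's GraphQL `createIssue` input, which is assumed to be what `CreateIssueMutation` wraps.

```python
import re

# A quick action is a line that starts with "/" followed by a command name.
QUICK_ACTION = re.compile(r"^/[a-z_]+\b")


def render_description(report_severity, nvd_severity, body):
    """Build the issue description (constructed template, not the project's)."""
    parts = [body.rstrip()]
    if nvd_severity and nvd_severity != report_severity:
        parts.append(
            "NVD severity differs:\n"
            f"- Report severity: {report_severity}\n"
            f"- NVD severity: {nvd_severity}"
        )
        # Own block: joining with "\n\n" puts a blank line before and after.
        parts.append("/label ~nvd_severity_differs")
    return "\n\n".join(parts) + "\n"


def unsafe_quick_actions(description):
    """Return quick-action lines that are not isolated by blank lines."""
    lines = description.split("\n")
    bad = []
    for i, line in enumerate(lines):
        if not QUICK_ACTION.match(line):
            continue
        prev_blank = i == 0 or lines[i - 1].strip() == ""
        next_blank = i == len(lines) - 1 or lines[i + 1].strip() == ""
        if not (prev_blank and next_blank):
            bad.append(line)
    return bad


def create_issue_variables(project_path, title, description):
    """Variables for a createIssue call; confidentiality never depends on parsing."""
    if any(l.strip() == "/confidential" for l in description.splitlines()):
        raise ValueError("set confidentiality via the API parameter, not a quick action")
    return {"input": {"projectPath": project_path, "title": title,
                      "description": description, "confidential": True}}
```
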