Add solution html to vulnerability modal
What does this MR do and why?
Related #452483 (closed)
In %17.0 we added the solutionHtml
to PipelineSecurityReportFindingType
with !149583 (merged).
Now we're using this to display the GitLab flavored markdown solution in the vulnerability modal.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
![]() |
![]() |
![]() |
![]() |
How to set up and validate locally
Prerequisites
- You need an EE license
- You need to have runners enabled (See $2408961 for setting up a runner)
-
Import https://gitlab.com/lorenzvanherwaarden/test-remediations-with-solution-html (
❗ different than default security-reports repo) - Run a pipeline on master
Validate
- Go to the latest pipeline > security tab
- Click the critical finding to open the finding modal
- Validate that the modal's Solution part contains the markdown, including a rendered mermaid diagram and the green addition label.
Merge request reports
Activity
changed milestone to %17.1
assigned to @lorenzvanherwaarden
added pipeline:run-all-e2e label
removed workflowin dev label
removed backend label
4 Warnings ⚠ 15a9089f: Commits that change 30 or more lines across at least 3 files should describe these changes in the commit body. For more information, take a look at our Commit message guidelines. ⚠ featureaddition and featureenhancement merge requests normally have a documentation change. Consider adding a documentation update or confirming the documentation plan with the Technical Writer counterpart.
For more information, see:
- The Handbook page on merge request types.
- The definition of done documentation.
⚠ This merge request contains lines with testid selectors. Please ensure e2e:package-and-test
job is run.⚠ This merge request changed undocumented Vue components in
vue_shared/
. Please consider creating Stories for these components:ee/app/assets/javascripts/vue_shared/security_reports/components/solution_card_graphql.vue
testid
selectorsThe following changed lines in this MR contain
testid
selectors:ee/app/assets/javascripts/vue_shared/security_reports/components/solution_card_graphql.vue
- <span class="flex-shrink-1 gl-pl-0" data-testid="solution-text">{{ solutionText }}</span> + data-testid="solution-html" + <span v-else data-testid="solution-text">{{ solutionText }}</span>
If the
e2e:package-and-test
job in theqa
stage has run automatically, please ensure the tests are passing. If the job has not run, please start themanual:e2e-test-pipeline-generate
job in theprepare
stage and ensure the tests infollow-up:e2e:package-and-test-ee
pipeline are passing.For the list of known failures please refer to the latest pipeline triage issue.
If your changes are under a feature flag, please check our Testing with feature flags documentation for instructions.
Reviewer roulette
Category Reviewer Maintainer frontend @aalakkad
(UTC+3, 1 hour ahead of author)
@ealcantara
(UTC+2, same timezone as author)
UX @beckalippert
(UTC-5, 7 hours behind author)
Maintainer review is optional for UX Please check reviewer's status!
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
Tailwind CSS
Legacy utils
The following files contain legacy utils:
-
ee/app/assets/javascripts/vue_shared/security_reports/components/solution_card_graphql.vue
gl-display-flex
gl-align-items-flex-start
Use the Tailwind documentation to find the Tailwind equivalent to these legacy utils. If the Tailwind equivalent is not available it is okay to use the legacy util for now. The Tailwind equivalent will be made available when the corresponding migration issue in &13521 (closed) is completed.
If needed, you can retry the
🔁 danger-review
job that generated this comment.Generated by
🚫 DangerEdited by Ghost UserBundle size analysis [beta]
This compares changes in bundle size for entry points between the commits 312eb11b and e273cb8f
✨ Special assetsEntrypoint / Name Size before Size after Diff Diff in percent average 4.3 MB 4.3 MB - 0.0 % mainChunk 3.3 MB 3.3 MB - 0.0 %
Note: We do not have exact data for 312eb11b. So we have used data from: 741d8f64.
The intended commit has no webpack pipeline, so we chose the last commit with one before it.Please look at the full report for more details
Read more about how this report works.
Generated by
🚫 DangerEdited by Ghost UserE2E Test Result Summary
allure-report-publisher
generated test report!e2e-test-on-gdk:
✅ test report for e273cb8fexpand test summary
+------------------------------------------------------------------+ | suites summary | +-------------+--------+--------+---------+-------+-------+--------+ | | passed | failed | skipped | flaky | total | result | +-------------+--------+--------+---------+-------+-------+--------+ | Create | 120 | 0 | 10 | 93 | 130 | ✅ | | Govern | 64 | 0 | 1 | 41 | 65 | ✅ | | Data Stores | 31 | 0 | 0 | 22 | 31 | ✅ | | Verify | 31 | 0 | 1 | 30 | 32 | ✅ | | Plan | 54 | 0 | 2 | 47 | 56 | ✅ | | Package | 19 | 0 | 12 | 19 | 31 | ✅ | | Release | 5 | 0 | 0 | 5 | 5 | ✅ | | Monitor | 8 | 0 | 0 | 7 | 8 | ✅ | | Analytics | 1 | 0 | 1 | 0 | 2 | ✅ | | Manage | 0 | 0 | 1 | 0 | 1 | ➖ | +-------------+--------+--------+---------+-------+-------+--------+ | Total | 333 | 0 | 28 | 264 | 361 | ✅ | +-------------+--------+--------+---------+-------+-------+--------+
e2e-package-and-test:
❌ test report for e273cb8fexpand test summary
+---------------------------------------------------------------------+ | suites summary | +----------------+--------+--------+---------+-------+-------+--------+ | | passed | failed | skipped | flaky | total | result | +----------------+--------+--------+---------+-------+-------+--------+ | GitLab Metrics | 2 | 0 | 1 | 0 | 3 | ✅ | | Create | 461 | 0 | 58 | 0 | 519 | ✅ | | Systems | 7 | 0 | 0 | 0 | 7 | ✅ | | Govern | 129 | 0 | 10 | 0 | 139 | ✅ | | Data Stores | 69 | 0 | 10 | 0 | 79 | ✅ | | Plan | 127 | 0 | 11 | 0 | 138 | ✅ | | Monitor | 20 | 0 | 9 | 0 | 29 | ✅ | | Package | 120 | 7 | 52 | 7 | 179 | ❌ | | Verify | 60 | 0 | 10 | 0 | 70 | ✅ | | Analytics | 2 | 0 | 1 | 0 | 3 | ✅ | | Manage | 30 | 2 | 8 | 2 | 40 | ❌ | | ModelOps | 0 | 0 | 1 | 0 | 1 | ➖ | | Fulfillment | 4 | 0 | 25 | 2 | 29 | ✅ | | Configure | 1 | 0 | 3 | 0 | 4 | ✅ | | Release | 7 | 0 | 1 | 0 | 8 | ✅ | | Secure | 3 | 0 | 1 | 0 | 4 | ✅ | | Growth | 0 | 0 | 2 | 0 | 2 | ➖ | | Ai-powered | 0 | 0 | 1 | 0 | 1 | ➖ | +----------------+--------+--------+---------+-------+-------+--------+ | Total | 1042 | 9 | 204 | 11 | 1255 | ❌ | +----------------+--------+--------+---------+-------+-------+--------+
Edited by Ghost User- Resolved by Lorenz van Herwaarden
@beckalippert can you review for UX?
requested review from @beckalippert
added pipelinetier-1 label
@sming-gitlab can you do the initial review?
requested review from @sming-gitlab
mentioned in issue #452483 (closed)