Merge branch 'use-scan-information' into 'master'

Use scan information in issue template

See merge request gitlab-org/gitlab!44620

ee/app/views/vulnerabilities/issue_description.md.erb

@@ -60,3 +60,23 @@
   </details>
 <% end %>
 <% end %>
+
+<% if vulnerability.try(:scan).present? && vulnerability.try(:scanner).present? %>
+### <%= _("Scanner") %>:
+
+<% if vulnerability&.scanner[:name].present? %>
+* <%= _("Name") %>: <%= vulnerability.scanner[:name] %>
+<% end %>
+<% if vulnerability&.scan[:type].present? %>
+* <%= _("Type") %>: <%= vulnerability.scan[:type] %>
+<% end %>
+<% if vulnerability&.scan[:status].present? %>
+* <%= _("Status") %>: <%= vulnerability.scan[:status] %>
+<% end %>
+<% if vulnerability&.scan[:start_time].present? %>
+* <%= _("Start Time") %>: <%= vulnerability.scan[:start_time] %>
+<% end %>
+<% if vulnerability&.scan[:end_time].present? %>
+* <%= _("End Time") %>: <%= vulnerability.scan[:end_time] %>
+<% end %>
+<% end %>

ee/changelogs/unreleased/use-scan-information.yml

+---
+title: Include additional information related from scan in issue template
+merge_request: 44620
+author:
+type: added

ee/spec/lib/gitlab/vulnerabilities/base_vulnerability_spec.rb

@@ -21,7 +21,7 @@ RSpec.describe Gitlab::Vulnerabilities::BaseVulnerability do
       location: { file: 'main.rb', start_line: 14, blob_path: '/bar/foo/main.rb#14' },
       solution: 'upgrade dependencies',
       scanner: { external_id: 'gemnasium', name: 'Gemnasium' },
-      scan: { external_id: 'gemnasium', name: 'Gemnasium' }
+      scan: { type: 'dependency_scanning', status: 'success', start_time: 'placeholder', end_time: 'placeholder' }
     }
   end
 

ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb

@@ -86,7 +86,9 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do
               url: 'https;//example.com/blog-post'
             }, {
               url: 'https://example.com/another-link'
-            }]
+            }],
+            scanner: { external_id: 'gemnasium', name: 'Gemnasium' },
+            scan: { type: 'dependency_scanning', status: 'success', start_time: 'placeholder', end_time: 'placeholder' }
           }
         end
 
@@ -115,6 +117,15 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do
 
             * [Awesome-security blog post](https;//example.com/blog-post)
             * https://example.com/another-link
+
+
+            ### Scanner:
+
+            * Name: Gemnasium
+            * Type: dependency_scanning
+            * Status: success
+            * Start Time: placeholder
+            * End Time: placeholder
           DESC
         end
 
@@ -132,7 +143,9 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do
             line: '15',
             cve: '818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM',
             title: 'Predictable pseudorandom number generator',
-            tool: 'find_sec_bugs'
+            tool: 'find_sec_bugs',
+            scanner: { external_id: 'gemnasium', name: 'Gemnasium' },
+            scan: { type: 'dependency_scanning', status: 'success', start_time: 'placeholder', end_time: 'placeholder' }
           }
         end
 
@@ -150,6 +163,17 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do
             ### Solution:
 
             Please do something!
+
+
+
+
+            ### Scanner:
+
+            * Name: Gemnasium
+            * Type: dependency_scanning
+            * Status: success
+            * Start Time: placeholder
+            * End Time: placeholder
           DESC
         end
 

locale/gitlab.pot

@@ -9824,6 +9824,9 @@ msgstr ""
 msgid "Encountered an error while rendering: %{err}"
 msgstr ""
 
+msgid "End Time"
+msgstr ""
+
 msgid "Ends at (UTC)"
 msgstr ""
 
@@ -22600,6 +22603,9 @@ msgstr ""
 msgid "Saving project."
 msgstr ""
 
+msgid "Scanner"
+msgstr ""
+
 msgid "Schedule a new pipeline"
 msgstr ""
 
@@ -24698,6 +24704,9 @@ msgstr ""
 msgid "Start Date"
 msgstr ""
 
+msgid "Start Time"
+msgstr ""
+
 msgid "Start Web Terminal"
 msgstr ""