Use coerce_with to downcase inputs

ee/app/services/vulnerabilities/create_service_base.rb

@@ -30,26 +30,18 @@ module Vulnerabilities
       GENERIC_REPORT_TYPE
     end
 
-    def sanitize_enums(vulnerability_hash)
-      vulnerability_hash
+    def initialize_vulnerability(vulnerability_hash)
+      attributes = vulnerability_hash
         .slice(*%i[
           description
           state
           severity
           confidence
-        ])
-        .transform_values(&:downcase)
-    end
-
-    def initialize_vulnerability(vulnerability_hash)
-      attributes = vulnerability_hash
-        .slice(*%i[
           detected_at
           confirmed_at
           resolved_at
           dismissed_at
         ])
-        .merge(sanitize_enums(vulnerability_hash))
         .merge(
           project: @project,
           author: @author,

ee/app/services/vulnerabilities/starboard_vulnerability_create_service.rb

@@ -72,7 +72,6 @@ module Vulnerabilities
 
     def initialize_vulnerability(vulnerability_hash)
       vulnerability_hash[:state] = :detected
-      vulnerability_hash[:title] = vulnerability_hash[:name]
       super(vulnerability_hash)
     end
   end

ee/lib/ee/api/internal/kubernetes.rb

@@ -62,8 +62,8 @@ module EE
                 params do
                   requires :vulnerability, type: Hash, desc: 'Vulnerability details matching the `vulnerability` object on the security report schema' do
                     requires :name, type: String
-                    requires :severity, type: String
-                    requires :confidence, type: String
+                    requires :severity, type: String, coerce_with: ->(s) { s.downcase }
+                    requires :confidence, type: String, coerce_with: ->(c) { c.downcase }
 
                     requires :location, type: Hash do
                       requires :image, type: String

ee/spec/requests/api/internal/kubernetes_spec.rb

@@ -232,8 +232,8 @@ RSpec.describe API::Internal::Kubernetes do
         {
           vulnerability: {
             name: 'CVE-123-4567 in libc',
-            severity: 'high',
-            confidence: 'unknown',
+            severity: 'High',
+            confidence: 'Unknown',
             location: {
               image: 'index.docker.io/library/nginx:latest',
               kubernetes_resource: {

ee/spec/services/vulnerabilities/manually_create_service_spec.rb

@@ -252,27 +252,6 @@ RSpec.describe Vulnerabilities::ManuallyCreateService do
             expect(subject.message).to match(/confirmed_at can only be set/)
           end
         end
-
-        context 'with capitalized enum fields' do
-          let(:params) do
-            {
-              vulnerability: {
-                name: "Test vulnerability",
-                state: "Detected",
-                severity: "Unknown",
-                confidence: "Unknown",
-                identifiers: [identifier_attributes],
-                scanner: scanner_attributes
-              }
-            }
-          end
-
-          it 'does not raise an exception' do
-            expect { subject }.not_to raise_error
-
-            expect(subject.success?).to be_truthy
-          end
-        end
       end
 
       context 'with invalid parameters' do

ee/spec/services/vulnerabilities/starboard_vulnerability_create_service_spec.rb

@@ -6,16 +6,14 @@ RSpec.describe Vulnerabilities::StarboardVulnerabilityCreateService do
   let(:agent) { create(:cluster_agent) }
   let(:project) { agent.project }
   let(:user) { agent.created_by_user }
-  let(:severity) { 'high' }
-  let(:confidence) { 'unknown' }
   let(:params) do
     {
       vulnerability: {
         name: 'CVE-123-4567 in libc',
         message: 'Vulnerability message',
         description: 'Vulnerability description',
-        severity: severity,
-        confidence: confidence,
+        severity: 'high',
+        confidence: 'unknown',
         location: {
           kubernetes_resource: {
             namespace: 'production',
@@ -75,16 +73,6 @@ RSpec.describe Vulnerabilities::StarboardVulnerabilityCreateService do
         expect(scanner.name).to eq(params.dig(:scanner, :name))
         expect(scanner.vendor).to eq(params.dig(:scanner, :vendor, :name))
       end
-
-      context 'with capitalized enums' do
-        let(:severity) { 'High' }
-        let(:confidence) { 'Unknown' }
-
-        it 'does not raise exception' do
-          expect { subject }.not_to raise_error
-          expect(subject.success?).to be_truthy
-        end
-      end
     end
 
     context 'with feature disabled' do