Merge branch '8725-confidential-issue-from-vulnerability' into 'master'

Make issue created from vulnerability feedback confidential Closes #8725 See merge request gitlab-org/gitlab-ee!9157

Merge branch '8725-confidential-issue-from-vulnerability' into 'master'
Make issue created from vulnerability feedback confidential Closes #8725 See merge request gitlab-org/gitlab-ee!9157
267f2854 · Kamil Trzciński · 3e2eda24 · 699d3bc7 · 267f2854 · 267f2854
Commit 267f2854 authored Jan 17, 2019 by Kamil Trzciński
5 changed files
--- a/doc/user/project/merge_requests/index.md
+++ b/doc/user/project/merge_requests/index.md
@@ -343,7 +343,7 @@ a detailed information will pop up with two different possible options:
 - **Dismiss vulnerability** - Dismissing a vulnerability will place a <s>strikethrough</s> styling on it.
 - **Create issue** - The new issue will have the title and description
-  pre-populated with the information from the vulnerability report.
+  pre-populated with the information from the vulnerability report and is created as [confidential](../issues/confidential_issues.md) by default.
 - **Solution** - For some vulnerabilities ([Dependency Scanning](dependency_scanning.md) and [Container Scanning](container_scanning.md))
  a solution is provided for how to fix the vulnerability.

--- a/doc/user/project/security_dashboard.md
+++ b/doc/user/project/security_dashboard.md
@@ -9,11 +9,11 @@ Use it to find and fix vulnerabilities affecting the [default branch](./reposito
 ## How it works?
-To benefit from the Security Dashboard you must first configure the [Security Reports](merge_requests/index.md#security-reports).
+To benefit from the Security Dashboard you must first configure the [Security Reports](merge_requests/index.md#security-reports-ultimate).
 The Security Dashboard will then list security vulnerabilities from the latest pipeline run on the default branch (e.g., `master`).
-You will also be able to interact with the reports [the same way you can on a merge request](merge_requests/index.md#interacting-with-security-reports).
+You will also be able to interact with the reports [the same way you can on a merge request](merge_requests/index.md#interacting-with-security-reports-ultimate).
 ## Keeping the Security Dashboard updated

--- a/ee/app/services/issues/create_from_vulnerability_data_service.rb
+++ b/ee/app/services/issues/create_from_vulnerability_data_service.rb
@@ -16,7 +16,8 @@ module Issues
      issue_params = {
        title: "Investigate vulnerability: #{vulnerability.title}",
-        description: render_description(vulnerability)
+        description: render_description(vulnerability),
+        confidential: true
      }
      issue = Issues::CreateService.new(@project, @current_user, issue_params).execute

--- a/ee/changelogs/unreleased/8725-confidential-issue-from-vulnerability.yml
+++ b/ee/changelogs/unreleased/8725-confidential-issue-from-vulnerability.yml
+---
+title: Issues created from vulnerabilities are now confidential by default
+merge_request: 9157
+author:
+type: changed
--- a/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
+++ b/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
@@ -20,6 +20,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
      expect(issue.author).to eq(user)
      expect(issue.title).to eq(expected_title)
      expect(issue.description).to eq(expected_description)
+      expect(issue).to be_confidential
    end
  end