Add manual vulnerability creation page

ee/app/assets/javascripts/pages/projects/security/vulnerabilities/new/index.js

+import initNewVulnerability from 'ee/vulnerabilities/new_vulnerability_init';
+
+initNewVulnerability(document.getElementById('js-vulnerability-new'));

ee/app/assets/javascripts/vulnerabilities/components/new_vulnerability/new_vulnerability.vue

+<script>
+import { s__ } from '~/locale';
+
+export default {
+  i18n: {
+    title: s__('VulnerabilityManagement|Add vulnerability finding'),
+    description: s__(
+      'VulnerabilityManagement|Manually add a vulnerability entry into the vulnerability report.',
+    ),
+  },
+};
+</script>
+
+<template>
+  <div>
+    <header class="gl-my-4 gl-border-b-gray-100 gl-border-b-solid gl-border-b-1">
+      <h2 class="gl-mt-0 gl-mb-3">
+        {{ $options.i18n.title }}
+      </h2>
+      <p data-testid="page-description">
+        {{ $options.i18n.description }}
+      </p>
+    </header>
+  </div>
+</template>

ee/app/assets/javascripts/vulnerabilities/new_vulnerability_init.js

+import Vue from 'vue';
+import apolloProvider from 'ee/security_dashboard/graphql/provider';
+import App from 'ee/vulnerabilities/components/new_vulnerability/new_vulnerability.vue';
+
+export default (el) => {
+  if (!el) {
+    return null;
+  }
+
+  return new Vue({
+    el,
+    apolloProvider,
+    render: (h) =>
+      h(App, {
+        props: {},
+      }),
+  });
+};

ee/app/controllers/projects/security/vulnerabilities_controller.rb

@@ -12,7 +12,8 @@ module Projects
         push_frontend_feature_flag(:create_vulnerability_jira_issue_via_graphql, @project, default_enabled: :yaml)
       end
 
-      before_action :vulnerability, except: :index
+      before_action :vulnerability, except: [:index, :new]
+      before_action :authorize_create_vulnerability!, only: :new
 
       alias_method :vulnerable, :project
 

ee/app/views/projects/security/vulnerabilities/new.html.haml

+- @content_class = "limit-container-width" unless fluid_layout
+- add_to_breadcrumbs _("Vulnerability Report"), project_security_vulnerability_report_index_path(@project)
+- breadcrumb_title _("Add vulnerability finding")
+- page_title _("Add vulnerability finding")
+- add_page_specific_style 'page_bundles/security_dashboard'
+
+#js-vulnerability-new

ee/config/routes/project.rb

@@ -76,7 +76,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
 
           resources :scanned_resources, only: [:index]
 
-          resources :vulnerabilities, only: [:show] do
+          resources :vulnerabilities, only: [:show, :new] do
             member do
               get :discussions, format: :json
             end

ee/spec/controllers/projects/security/vulnerabilities_controller_spec.rb

@@ -15,6 +15,34 @@ RSpec.describe Projects::Security::VulnerabilitiesController do
     sign_in(user)
   end
 
+  describe 'GET #new' do
+    let(:request_new_vulnerability_page) { get :new, params: { namespace_id: project.namespace, project_id: project } }
+
+    include_context '"Security & Compliance" permissions' do
+      let(:valid_request) { request_new_vulnerability_page }
+    end
+
+    it 'renders the add new finding page' do
+      request_new_vulnerability_page
+
+      expect(response).to have_gitlab_http_status(:ok)
+    end
+
+    context 'when user can not create vulnerability' do
+      before do
+        guest = create(:user)
+        project.add_guest(guest)
+        sign_in(guest)
+      end
+
+      it 'renders a 403' do
+        request_new_vulnerability_page
+
+        expect(response).to have_gitlab_http_status(:forbidden)
+      end
+    end
+  end
+
   describe 'GET #show' do
     let_it_be(:pipeline) { create(:ci_pipeline, sha: project.commit.id, project: project, user: user) }
     let_it_be(:vulnerability) { create(:vulnerability, project: project) }

ee/spec/frontend/vulnerabilities/new_vulnerability/new_vulnerability_spec.js

+import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
+import NewVulnerability from 'ee/vulnerabilities/components/new_vulnerability/new_vulnerability.vue';
+
+describe('New vulnerability component', () => {
+  let wrapper;
+
+  const createWrapper = () => {
+    return shallowMountExtended(NewVulnerability, {});
+  };
+
+  beforeEach(() => {
+    wrapper = createWrapper();
+  });
+
+  afterEach(() => {
+    wrapper.destroy();
+  });
+
+  it('should render the page title and description', () => {
+    expect(wrapper.findByRole('heading', { name: 'Add vulnerability finding' }).exists()).toBe(
+      true,
+    );
+    expect(wrapper.findByTestId('page-description').text()).toBe(
+      'Manually add a vulnerability entry into the vulnerability report.',
+    );
+  });
+});

locale/gitlab.pot

@@ -2133,6 +2133,9 @@ msgstr ""
 msgid "Add variable"
 msgstr ""
 
+msgid "Add vulnerability finding"
+msgstr ""
+
 msgid "Add webhook"
 msgstr ""
 
@@ -38397,6 +38400,9 @@ msgstr ""
 msgid "VulnerabilityManagement|A true-positive and will fix"
 msgstr ""
 
+msgid "VulnerabilityManagement|Add vulnerability finding"
+msgstr ""
+
 msgid "VulnerabilityManagement|Change status"
 msgstr ""
 
@@ -38412,6 +38418,9 @@ msgstr ""
 msgid "VulnerabilityManagement|Fetching linked Jira issues"
 msgstr ""
 
+msgid "VulnerabilityManagement|Manually add a vulnerability entry into the vulnerability report."
+msgstr ""
+
 msgid "VulnerabilityManagement|Needs triage"
 msgstr ""