Allow Slack notifications to be fired on detecting new vulnerability334951-vulnerability-slack-notification

Add option to send a slack notification to the specified channel via
Slack Notifications integration when a new unique vulnerability is
detected in a project.

Changelog: added
Signed-off-by: Balasankar "Balu" C <balasankar@gitlab.com>

8 files changed, 52 insertions, 4 deletions

diff --git a/app/models/integrations/base_chat_notification.rb b/app/models/integrations/base_chat_notification.rb
index 5eae8bce92a..5eba906b178 100644
--- a/app/models/integrations/base_chat_notification.rb
+++ b/app/models/integrations/base_chat_notification.rb
@@ -61,7 +61,12 @@ module Integrations
     end
 
     def self.supported_events
-      SUPPORTED_EVENTS
+      SUPPORTED_EVENTS + extra_events
+    end
+
+    # To be overridden either by inherited classes or in EE
+    def self.extra_events
+      []
     end
 
     def fields
@@ -253,3 +258,5 @@ module Integrations
     end
   end
 end
+
+Integrations::BaseChatNotification.prepend_mod_with('Integrations::BaseChatNotification')
diff --git a/db/migrate/20210707163659_add_vulnerability_events_to_integrations.rb b/db/migrate/20210707163659_add_vulnerability_events_to_integrations.rb
new file mode 100644
index 00000000000..e2cc2ea587e
--- /dev/null
+++ b/db/migrate/20210707163659_add_vulnerability_events_to_integrations.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class AddVulnerabilityEventsToIntegrations < ActiveRecord::Migration[6.1]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def up
+    with_lock_retries do
+      add_column :integrations, :vulnerability_events, :boolean
+    end
+  end
+
+  def down
+    with_lock_retries do
+      remove_column :integrations, :vulnerability_events
+    end
+  end
+end
diff --git a/db/schema_migrations/20210707163659 b/db/schema_migrations/20210707163659
new file mode 100644
index 00000000000..e0c33c79a85
--- /dev/null
+++ b/db/schema_migrations/20210707163659
@@ -0,0 +1 @@
+ac14aa49830a3af9a1445c0c7680f5660247a8104c8e4c1ae542c4b368f7c9bf
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 1dc5955ad6c..5567de6cfed 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -14037,7 +14037,8 @@ CREATE TABLE integrations (
     comment_detail smallint,
     inherit_from_id bigint,
     alert_events boolean,
-    group_id bigint
+    group_id bigint,
+    vulnerability_events boolean
 );
 
 CREATE SEQUENCE integrations_id_seq
diff --git a/doc/api/services.md b/doc/api/services.md
index fea32b06487..da557dca568 100644
--- a/doc/api/services.md
+++ b/doc/api/services.md
@@ -41,7 +41,8 @@ Example response:
     "pipeline_events": true,
     "wiki_page_events": true,
     "job_events": true,
-    "comment_on_event_enabled": true
+    "comment_on_event_enabled": true,
+    "vulnerability_events": true
   },
   {
     "id": 76,
@@ -61,7 +62,8 @@ Example response:
     "pipeline_events": true,
     "wiki_page_events": true,
     "job_events": true,
-    "comment_on_event_enabled": true
+    "comment_on_event_enabled": true,
+    "vulnerability_events": true
   }
 ]
 ```
@@ -1153,6 +1155,8 @@ Parameters:
 | `tag_push_events` | boolean | false | Enable notifications for tag push events |
 | `wiki_page_channel` | string | false | The name of the channel to receive wiki page events notifications |
 | `wiki_page_events` | boolean | false | Enable notifications for wiki page events |
+| `vulnerability_channel` | string | false | The name of the channel to receive vulnerability events notifications |
+| `vulnerability_events` | boolean | false | Enable notifications for vulnerability events |
 
 ### Delete Slack service
 
diff --git a/doc/user/project/integrations/slack.md b/doc/user/project/integrations/slack.md
index 17d1c3adcb5..7dd19e7c2bb 100644
--- a/doc/user/project/integrations/slack.md
+++ b/doc/user/project/integrations/slack.md
@@ -67,6 +67,7 @@ The following triggers are available for Slack notifications:
 - **Wiki page**: Triggered when a wiki page is created or updated.
 - **Deployment**: Triggered when a deployment starts or finishes.
 - **Alert**: Triggered when a new, unique alert is recorded.
+- **Vulnerability**: Triggered when a new, unique vulnerability is reported.
 
 ## Troubleshooting
 
diff --git a/lib/api/helpers/integrations_helpers.rb b/lib/api/helpers/integrations_helpers.rb
index 06539772568..bf14eb7af92 100644
--- a/lib/api/helpers/integrations_helpers.rb
+++ b/lib/api/helpers/integrations_helpers.rb
@@ -96,6 +96,12 @@ module API
             name: :wiki_page_channel,
             type: String,
             desc: 'The name of the channel to receive wiki_page_events notifications'
+          },
+          {
+            required: false,
+            name: :vulnerability_channel,
+            type: String,
+            desc: 'The name of the channel to receive vulnerability_events notifications'
           }
         ].freeze
       end
@@ -155,6 +161,12 @@ module API
             name: :wiki_page_events,
             type: Boolean,
             desc: 'Enable notifications for wiki_page_events'
+          },
+          {
+            required: false,
+            name: :vulnerability_events,
+            type: Boolean,
+            desc: 'Enable notifications for vulnerability_events'
           }
         ].freeze
       end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 7890e51d20a..27c558a62bf 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -25603,6 +25603,9 @@ msgstr ""
 msgid "ProjectService|Trigger event when a new, unique alert is recorded."
 msgstr ""
 
+msgid "ProjectService|Trigger event when a new, unique vulnerability is recorded."
+msgstr ""
+
 msgid "ProjectService|Trigger event when a pipeline status changes."
 msgstr ""