Design: Vulnerability list Search functionality
Problem to solve
The current vulnerability list only has limited filtering options, making it difficult and inefficient for users to quickly locate the specific vulnerabilities they want to see. This becomes even more painful at the Group and Project level where there may be thousands or tens of thousands of vulnerabilities.
Intended users
Further details
Having more powerful, dynamic filtering combined with text search will be a key aspect of maturing Vulnerability management. Use cases include:
- Viewing results only for a specific scanner or 3rd-party vendor
- Looking for similar or related vulnerabilities across scanner types
- Creating exportable reports containing only necessary vulnerability data
- Identifying multiple vulnerabilities for a bulk action like dismissing
- Showing only vulnerabilities without an associated Issue or vulnerabilities with Issues that are not yet resolved (closed).
In addition to simple filtering and text string searching, we should plan to enable more advanced search use cases by providing more powerful options. Some examples we might consider:
- Boolean operators: AND, OR, NOT
- Expression grouping: (cve=cve-12345) OR (scanner=DAST AND severity=Critical)
- Wildcard operators (*, ?, %, etc.)
- Regular expressions
It should be possible to combine advanced options where it makes sense and is technically reasonable.
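A sketch of how the boolean operators, expression grouping and `*`/`?` wildcards listed above could be evaluated, added here as an example and not taken from GitLab's code. The `VulnFilter` class, its field allowlist and the sample records are assumptions made for illustration; regular expressions are left out.

```ruby
# Added sketch, not GitLab code: compiles a filter expression into a predicate.
class VulnFilter
  FIELDS = %w[cve scanner severity].freeze # assumed searchable fields

  def initialize(query)
    @tokens = query.scan(/\(|\)|[^\s()]+/)
    @pred = parse_or
    raise ArgumentError, "unexpected #{@tokens.first.inspect}" unless @tokens.empty?
  end

  def apply(vulns)
    vulns.select { |v| @pred.call(v) }
  end

  private

  def parse_or # lowest precedence
    left = parse_and
    return left unless @tokens.first == 'OR'
    @tokens.shift
    right = parse_or
    ->(v) { left.call(v) || right.call(v) }
  end

  def parse_and # binds tighter than OR
    left = parse_atom
    return left unless @tokens.first == 'AND'
    @tokens.shift
    right = parse_and
    ->(v) { left.call(v) && right.call(v) }
  end

  def parse_atom # NOT atom | ( expr ) | field=glob
    tok = @tokens.shift
    if tok == 'NOT'
      inner = parse_atom
      return ->(v) { !inner.call(v) }
    elsif tok == '('
      inner = parse_or
      raise ArgumentError, 'missing )' unless @tokens.shift == ')'
      return inner
    end
    field, glob = tok.to_s.split('=', 2)
    raise ArgumentError, "bad term #{tok.inspect}" unless FIELDS.include?(field) && !glob.to_s.empty?
    ->(v) { File.fnmatch?(glob, v[field].to_s, File::FNM_CASEFOLD) } # * and ? wildcards
  end
end

SAMPLE = [{ 'cve' => 'CVE-12345', 'scanner' => 'SAST', 'severity' => 'Low' },
          { 'cve' => 'CVE-2021-0001', 'scanner' => 'DAST', 'severity' => 'Critical' },
          { 'cve' => 'CVE-2021-0002', 'scanner' => 'DAST', 'severity' => 'Medium' }].freeze # constructed
```

Terms naming a field outside the allowlist, unbalanced parentheses and dangling operators raise `ArgumentError` at compile time, before any record is examined.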
Users should also be able to easily choose the scope of text searches. By default, text searches should include all vulnerability object fields. But we should consider making it easy to limit text search scope to only a subset of fields the user chooses. Additionally, it would be beneficial to let users have searches apply to all vulnerabilities in the given Security Dashboard scope (Project, Group, Instance) or just the subset that currently applies due to any applied filters.