Standalone vulnerabilities on Dependency List page
This is a follow-up from #195928 (closed)
Summary
Right now, the Dependency List page shows information about vulnerabilities, but it's not actionable. We need to provide a link to the standalone vulnerability page so users can interact with vulnerabilities.
Current limitation
We parse info for the Dependency List page on the fly. That means that vulnerabilities come not from the database but from the report itself. To link the Dependency List with standalone vulnerabilities, we first need to change the way we select vulnerabilities for the Dependency List payload.
Implementation plan
frontend
- Link vulnerabilities to standalone/first-class vulnerability pages
backend #214095 (closed) (weight 8)
- Merge vulnerabilities stored in the db into the dependency payload. (Right now, data about vulnerabilities is taken from the parsed report.) Vulnerabilities added to the dependencies payload should be standalone vulnerabilities.
- Merge into the vulnerability payload the id of the associated Vulnerability and path, which is the path to the vulnerability's object page.
documentation
- Update the Dependency List's screenshot and table column description
Availability and Testing
SET will extend the current Dependency List End to End test to include Vulnerability verification. gitlab-org/quality/testcases#1672 (closed)
Edited by Will Meek