Standalone vulnerabilities on Dependency List page

This is a follow-up from #195928 (closed)

Summary

Right now, the Dependency List page shows information about vulnerabilities, but it's not actionable. We need to provide a link to the standalone vulnerability page so users can interact with vulnerabilities.

Current limitation

We parse the information for the Dependency List page on the fly. That means the vulnerabilities come not from the database but from the report itself. To link the Dependency List with standalone vulnerabilities, we first need to change the way we select vulnerabilities for the Dependency List payload.

Implementation plan

frontend

  • Link vulnerabilities to standalone/first-class vulnerability pages

backend #214095 (closed) (weight 8)

  • Merge vulnerabilities stored in the database into the dependency payload. (Right now, data about vulnerabilities is taken from the parsed report.) Vulnerabilities added to the dependencies payload should be standalone vulnerabilities.
  • Merge into the vulnerability payload the id of the associated Vulnerability and path, which is the path to the vulnerability's object page.

documentation

Availability and Testing

SET will extend the current Dependency List End to End test to include Vulnerability verification. gitlab-org/quality/testcases#1672 (closed)

Edited by Will Meek