Implement reformatted grouped report text
Problem to solve
Taken from #204176 (closed)
@tlavi conducted SAST research with participants which revealed that users are confused by a job failing or succeeding and the relationship to vulnerabilities being found within it. For example, it's confusing if a job succeeds even though there are vulnerabilities found within. See the video of the research readout here and the slides here.
This issue was split from #204176 (closed) to address the message change and addition of colored text shown in the mockup below.
Proposal
The current way we generate the report text is a bit cumbersome, and any changes to it would be tricky. We're probably better off rewriting it using <gl-sprintf /> and some nicer logic.
The text in the screenshot reads: Security scanning found 2 critical and 1 high severity vulnerabilities out of 162.
We'd need to catch all the other cases though.
Documentation
TBD
Availability & Testing
The unit tests for the text generator will need updating and/or any other tests that rely on them working. Don't just delete them and write new ones as this will help us ensure we've caught all the edge cases.
What does success look like, and how can we measure that?
Success looks like the screenshot without any issues with edge cases.
Implementation plan
- Update the current tests to match what we expect to see
- Change the grouped text reports to accept severity instead of new, dismissed, etc.
- Update the output of grouped reports text to match the tests
- [ ] Add colorization of the severities with <gl-sprintf>