API support for updating severity counts as filters are applied
Problem to solve
The current Security Dashboards display tiles for each severity level with a count of the number of vulnerabilities with that severity. However, the count is both static (does not update as you filter the vulnerability list) and does not count vulnerabilities with a Dismissed or Resolved state. This is confusing as the counts at the top almost never match what you see in the vulnerability list.
Intended users
- [Sam (Security Analyst)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sam-security-
Proposal
The counts in the severity "tiles" at the top should always match the number of vulnerabilities displayed of the same severity in the vulnerability list. When a filter (Status, Scanner, Severity, etc.) is applied, the counts should update along with the vulnerabilities displayed in the list.
Further details
This behavior should apply to the Project, Group, and Instance Security Dashboards.
The frontend work is tracked in this separate issue #231400 (closed).
Documentation
Any API-specific doc updates necessary should be completed as part of this issue.
Implementation plan
- backend: Write resolver for vulnerability_severities_count field from Types::ProjectType that will take same arguments as Resolvers::VulnerabilitiesResolver (consider extracting the list of arguments to separate module and include them in both Resolvers::VulnerabilitiesResolver and newly created Resolvers::VulnerabilitiesCountResolver),
- backend: Extend Security::VulnerabilitiesFinder to support optional counting vulnerabilities grouped by severity and use it in newly created Resolvers::VulnerabilitiesCountResolver,
- backend: Extend Types::InstanceSecurityDashboardType and Types::GroupType with new field vulnerability_severities_count that will use newly created Resolvers::VulnerabilitiesCountResolver
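
The idea behind the plan above, as an added plain-Ruby sketch (not GitLab's code): the list and the severity counts go through one filter path, so the tiles cannot drift from the list. The class, the `severity_counts` and `static_tile_counts` names, the severity list and the sample rows are assumptions made for this illustration.

```ruby
# Added illustration: a plain-Ruby stand-in, not GitLab's Security::VulnerabilitiesFinder.
# Severity names, filter keys and all sample rows below are assumptions/constructed.
Vulnerability = Struct.new(:id, :severity, :state, :report_type)
SEVERITIES = %w[critical high medium low info unknown].freeze

# Constructed sample data.
SAMPLE = [
  Vulnerability.new(1, 'critical', 'detected',  'sast'),
  Vulnerability.new(2, 'critical', 'dismissed', 'sast'),
  Vulnerability.new(3, 'high',     'resolved',  'dependency_scanning'),
  Vulnerability.new(4, 'high',     'detected',  'sast'),
  Vulnerability.new(5, 'low',      'detected',  'container_scanning')
].freeze

class VulnerabilitiesFinder
  FILTERS = %i[severity state report_type].freeze

  def initialize(vulnerabilities, filters = {})
    @vulnerabilities = vulnerabilities
    # Normalise each filter to an array of strings; unknown keys are ignored.
    @filters = filters.slice(*FILTERS).transform_values { |v| Array(v).map(&:to_s) }
  end

  # Rows shown in the vulnerability list.
  def execute
    @vulnerabilities.select do |v|
      @filters.all? { |field, allowed| allowed.empty? || allowed.include?(v[field]) }
    end
  end

  # Tile counts, computed from the same filtered set as #execute, zero-filled.
  def severity_counts
    zeroes = SEVERITIES.to_h { |s| [s, 0] }
    zeroes.merge(execute.group_by(&:severity).transform_values(&:size))
  end
end

# The behaviour the issue describes today: filters ignored, Dismissed/Resolved skipped.
def static_tile_counts(vulnerabilities)
  active = vulnerabilities.reject { |v| %w[dismissed resolved].include?(v.state) }
  SEVERITIES.to_h { |s| [s, active.count { |v| v.severity == s }] }
end

finder = VulnerabilitiesFinder.new(SAMPLE, state: 'dismissed')
puts "list ids:     #{finder.execute.map(&:id).inspect}"
puts "tile counts:  #{finder.severity_counts.inspect}"
puts "static tiles: #{static_tile_counts(SAMPLE).inspect}"
```
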