  • #259255
Closed
Open
Issue created Sep 30, 2020 by Alexander Turinske (@aturinske), Maintainer. 3 of 5 checklist items completed.

Vulnerability Report Activity filter

Release notes

Vulnerability Reports are often the primary way security teams triage and manage vulnerabilities. The current filtering and sorting options provide quick ways to focus the list view on a subset of vulnerabilities for more efficient workflows. You can also see any vulnerabilities that have associated Issues or which subsequent scans indicate are resolved. This Activity column indicates at a glance which vulnerabilities might be ready to close out, which are in progress, and which ones might need some attention. However, this column was not one you could filter or sort on.

You will now have even more control of your Vulnerability Report experience with the introduction of an Activity filter. Available in the Project, Group, and Security Center Vulnerability Reports, this new filter allows you to view vulnerabilities with Issues that are not yet resolved, that are resolved but have no associated Issues, that have Issues and are resolved, or that have no activity. The available filter options are mutually exclusive sets, allowing you to drill into precisely the vulnerability list view you need for any task.

https://docs.gitlab.com/ee/user/application_security/vulnerability_report/


Design (from Figma)

See Design Issue and parent Epics for details.

[Design images: Columns/Tooltips, Filter]

Proposed Behavior

To keep this simple and moving forward, let's go with the following for now:

  • Selecting the All and No activity options will unselect all other options
    • All effectively turns off this filter and displays all vulnerabilities according to the other filter values
    • No Activity will only show vulnerabilities that do not have Issues and are still unresolved
  • Selecting With issues or No longer detected will unselect All or No activity.
  • You can select both With issues AND No longer detected. In this case, you will only see vulnerabilities that match both criteria.

To help distinguish that the Activity filter behaves differently from the other filters, we will change the checkmarks next to With issues and No longer detected to checkboxes (All and No activity will remain as checkmarks). We can revisit the UX in a follow-up issue after everyone is back from the holiday break.

Implementation Plan

  • frontend: update the filters to add a filter for activity
    • Since these filters are static, I believe this involves just adding the filter to ee/app/assets/javascripts/security_dashboard/helpers.js and an update to the GraphQL query to filter by activity.
    • The GraphQL query has been updated to take two more parameters, hasIssues and hasResolution.
    • The filters should use the following parameters:
      • All: hasIssues = null and hasResolution = null
      • No activity: hasIssues = false and hasResolution = false
      • With issues: hasIssues = true and hasResolution = false
      • No longer detected: hasIssues = false and hasResolution = true
    • Treat the No activity filter like the All filter (i.e. if No activity is selected, all other options are unselected; if another selection is made, No activity is unselected).

Related to #230381 (closed)

Edited Feb 11, 2021 by Matt Wilson
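
The selection rules from Proposed Behavior and the parameter mapping from the Implementation Plan, as an added JavaScript example (not GitLab's own code). The names `OPTIONS`, `toggleActivity` and `toQueryVariables` are hypothetical, and two behaviours are assumptions: selecting both With issues and No longer detected sends `hasIssues = true` and `hasResolution = true`, and deselecting the last checkbox falls back to All.

```javascript
// Added illustration; all identifiers here are hypothetical, not from GitLab's code base.
const OPTIONS = Object.freeze({
  ALL: 'All',
  NO_ACTIVITY: 'No activity',
  WITH_ISSUES: 'With issues',
  NO_LONGER_DETECTED: 'No longer detected',
});

// All and No activity each clear every other option; the other two can be combined.
const EXCLUSIVE = new Set([OPTIONS.ALL, OPTIONS.NO_ACTIVITY]);

// Returns the new selection (an array of option names) after the user clicks `option`.
function toggleActivity(selected, option) {
  if (EXCLUSIVE.has(option)) return [option];
  // Picking a checkbox option unselects All / No activity.
  const next = new Set(selected.filter((o) => !EXCLUSIVE.has(o)));
  if (next.has(option)) next.delete(option);
  else next.add(option);
  // Assumption: with nothing left selected, the filter falls back to All.
  return next.size > 0 ? [...next] : [OPTIONS.ALL];
}

// Maps a selection to the two GraphQL parameters named in the implementation plan.
function toQueryVariables(selected) {
  const has = (o) => selected.includes(o);
  if (selected.length === 0 || has(OPTIONS.ALL)) {
    return { hasIssues: null, hasResolution: null }; // filter is effectively off
  }
  if (has(OPTIONS.NO_ACTIVITY)) {
    return { hasIssues: false, hasResolution: false };
  }
  // Single selections match the plan's table; both selected yields true/true (assumption).
  return {
    hasIssues: has(OPTIONS.WITH_ISSUES),
    hasResolution: has(OPTIONS.NO_LONGER_DETECTED),
  };
}
```
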