Vulnerability Report Activity filter
Release notes
Vulnerability Reports are often the primary way security teams triage and manage vulnerabilities. The current filtering and sorting options provide quick ways to focus the list view on a subset of vulnerabilities for more efficient workflows. You can also see any vulnerabilities that have associated Issues or which subsequent scans indicate are resolved. This Activity column indicates at a glance which vulnerabilities might be ready to close out, which are in progress, and which ones might need some attention. However, this column was not one you could filter or sort on.!
You will now have even more control of your Vulnerability Report experience with the introduction of an Activity filter. Available in the Project, Group, and Security Center Vulnerability Reports, this new filter allows you to view vulnerabilities with Issues that are not yet resolved, that are resolved but have no associated Issues, that have Issues and are resolved, or that have no activity. The available filter options are mutually exclusive sets, allowing you to drill into precisely the vulnerability list view you need for any task.
https://docs.gitlab.com/ee/user/application_security/vulnerability_report/
Screen_Shot_2021-02-10_at_6.10.30_PM
Design (from Figma)
See Design Issue and parent Epics for details.
Columns/Tooltips | Filter |
---|---|
![]() |
![]() |
Proposed Behavior
To keep this simple and moving forward, let's go with the following for now:
- Selecting the
All
andNo activity
options will unselect all other options-
All
effectively turns off this filter and displays all vulnerabilities according to the other filter values -
No Activity
will only show vulnerabilities that do not have Issues and are still unresolved
-
- Selecting
With issues
orNo longer detected
will unselectAll
orNo activity
. - You can select both
With issues
ANDNo longer detected
. In this case, you will only see vulnerabilities that match both criteria.
To help distinguish that the Activity filter behaves differently from the other filters, we will change the checkmarks next to With issues
and No longer detected
to checkboxes (All
and No activity
will remain as checkmarks`). We can revisit the UX in a follow up issue after everyone is back from the holiday break.
Implementation Plan
-
frontend update the filters to add a filter for activity -
Since these filters are static, I believe this involves just adding the filter to ee/app/assets/javascripts/security_dashboard/helpers.js
and an update to the graphql query to filter by activity. -
the GraphQL query has been updated to take two more parameters hasIssues
andhasResolution
-
so the following filters should use the following parameters: -
All
:hasIssues
=null
andhasResolution
=null
-
No activity
:hasIssues
=false
andhasResolution
=false
-
With issues
:hasIssues
=true
andhasResolution
=false
-
No longer detected
:hasIssues
=false
andhasResolution
=true
-
-
treat the No activity
filter like theAll
filter (i.e. ifNo activity
is selected, all other options are unselected, if another selection is made,No activity
is unselected)
-
Related to #230381 (closed)