Design: Enhanced bulk actions

Release notes

Problem to solve

The first iteration of bulk actions only included the ability to change status. To complete our work with bulk actions, we need to include the ability to select all results based on the current filter (this moved out of this issue and into #350226), create an issue or attach to an existing issue from the selected set of results, along with staging a patch, though the latter might be further out if there are technical restraints.

Intended users

• Sam (Security Analyst)

User experience goal

Proposal

See designs in design section

Scope:

• Multi-select vulnerabilities and/or:
  • Select all of the currently filtered results and/or:
    • Priority 1:
      • Bulk all on-screen vs all in list
      • Moved to Bulk select all across pages
    • Priority 2:
      • Bulk change status with a comment
    • Priority 3:
      • Bulk attach to an existing issue
    • Priority 4:
      • Bulk attach to a new issue
      • Related: Design: Vulnerability container in issues for bulk add

‼ Important note: All MVCs should add a system note on each affected vulnerability with the action taken/ comment added and/or the dismissal type:

and the issue should be added as related when linking to a new or existing issue.

Question

• How should we handle bulk dismissal reasons? On the vulnerability detail page, we require a dismissal type to be selected in order to dismiss. Do we want to persist this with bulk dismiss, or allow a generic "Dismiss"? I'm leaning towards requiring a type in all areas for consistency and more detailed auditing.

Further details

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references