Discussion: considering moving operational tab to a filter

Proposal

The Operational Vulnerabilities tab is used to display vulnerabilities that were detected in external sources. Right now in the UI we display it as a tab as shown in the following screenshot:

Functionality-wise it is identical to Development vulnerabilities except the Tool filter which is not displayed in the Operational Vulnerabilities tab.

In the upcoming releases, we'll be introducing the manually created vulnerabilities, which are going to be filtered through the Tool filter. Similar to the manually created vulnerabilities, adding a Operational vulnerabilities tool filter may help decrease the complexity both in terms of UX and code.

changed milestone to %14.9

added Category:Vulnerability Management Deliverable GitLab Ultimate devopssecure documentation featureaddition frontend groupthreat insights missed-deliverable missed:14.4 missed:14.5 missed:14.6 missed:14.7 sectionsec typefeature workflowverification labels

assigned to @svedova

removed missed:14.4 label

removed missed-deliverable label

removed missed:14.7 label

removed missed:14.5 label

removed missed:14.6 label

removed workflowverification label

removed Deliverable label

added workflowrefinement label

This issue/discussion is the result of a brainstorming session with Daniel.

@dftian please feel free to edit the issue description if you see necessary.

@svedova the Operational Vulnerabilities tab is brand new and will soon be extended with features such as adding a new filter menu in FE: Add `Image` filter to the `Operational vuln... (#337883 - closed). Therefore we should instead look for ways to continue to abstract the filtering and results list. WDYT about starting a spike (or re-using this issue) to find additional opportunities to refactor the vulnerability report page?

/cc @sam.white @aturinske

Plus there are a few more changes coming down the pipeline:

• we are planning on adding another new filter menu only in the Operational Vulnerabilities tab: FE: Add `Cluster` filter to the `Operational vu... (#337882 - closed)
• initial planning has started on adding another tab to the vulnerability report called Container registry vulnerabilities as part of GitLab Container Registry: Continuous Vulnerabi... (&2340 - closed)

/cc @matt_wilson

@nmccorrison @svedova @aturinske For now, I think it makes sense for ~"group::container security" to keep working on enhancements to the dedicated Operational Vulnerabilities tab and the upcoming Container registry one. @beckalippert is working on designs that should be able to incorporate what is built here into our future vision for the Vulnerability Report.

Advanced filtering should accommodate these additional, container- and environment-specific filter options. Combined with [customizable views](#267572 (closed) are effectively user-defined tabs—-the work in the current other tabs should port over nicely.

/cc @sam.white

Thanks everyone for the replies!

Since @dftian already created the epic &7747 (closed) to address the tech dept. I think we can close this issue @nmccorrison.

changed milestone to %14.10

added missed:14.9 label

removed documentation label

FYI @matt_wilson on this issue.

closed

mentioned in epic &7747 (closed)

mentioned in issue gitlab-org/quality/triage-reports#6989 (closed)