FE: Add vulnerability statistics widget on container registry page

Why are we doing this work

- A user wants to see an overview of the container registry vulnerability scan from the container registry page and to be able to navigate to the container registry vulnerability report for more information.
- A user wants to see an overview of the container registry dependencies from the container registry page and to be able to navigate to the container registry dependency page for more information.
Relevant links

| Container registry page | Improved banner (use this mock) |
| - | - |
| | |

Non-functional requirements

- Documentation:
- Testing:

Implementation plan

- Add behind feature flag CS_FOR_REGISTRY
- frontend: create banner at the top of container_registry/explorer/pages/list.vue
- frontend: add vulnerability count to banner and link to the container registry vulnerability tab
  - `X critical, Y high, and Z other vulnerabilit(y|ies) detected A (minutes|hours|days) ago. View vulnerabilities`
- frontend: add dependencies count to banner and link to the container registry dependencies tab
  - `X dependenc(y|ies) detected. View dependenc(y|ies)`
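
The two banner strings above, as an added example (not GitLab's code and not the POC in !145758): it assumes the counts and scan timestamp arrive as string data attributes written by the HAML template, and the field names, the `toCount` validation and the `relativeAge` helper are assumptions.

```javascript
// Added example, not GitLab code: builds the banner text from counts injected
// by the HAML template (assumed to be string data-* attributes, so each value is
// validated before it is rendered).

function pluralize(count, singular, plural) {
  return count === 1 ? singular : plural;
}

// Coarsest fitting unit for "detected A (minutes|hours|days) ago".
function relativeAge(scannedAtMs, nowMs = Date.now()) {
  const minutes = Math.max(0, Math.floor((nowMs - scannedAtMs) / 60000));
  if (minutes < 60) return `${minutes} ${pluralize(minutes, 'minute', 'minutes')} ago`;
  const hours = Math.floor(minutes / 60);
  if (hours < 24) return `${hours} ${pluralize(hours, 'hour', 'hours')} ago`;
  const days = Math.floor(hours / 24);
  return `${days} ${pluralize(days, 'day', 'days')} ago`;
}

// data-* attributes are strings; accept only non-negative integers so a
// malformed value renders as 0 rather than "NaN" in the banner.
function toCount(value) {
  return /^\d+$/.test(String(value)) ? Number(value) : 0;
}

function vulnerabilityMessage(dataset, nowMs) {
  const critical = toCount(dataset.critical);
  const high = toCount(dataset.high);
  const other = toCount(dataset.other);
  const total = critical + high + other;
  const noun = pluralize(total, 'vulnerability', 'vulnerabilities');
  const scannedAtMs = Date.parse(dataset.scannedAt);
  // Omit the age entirely if the timestamp is missing or unparsable.
  const age = Number.isNaN(scannedAtMs) ? '' : ` ${relativeAge(scannedAtMs, nowMs)}`;
  return `${critical} critical, ${high} high, and ${other} other ${noun} detected${age}.`;
}

function dependencyMessage(dataset) {
  const count = toCount(dataset.dependencies);
  const noun = pluralize(count, 'dependency', 'dependencies');
  return { text: `${count} ${noun} detected.`, linkText: `View ${noun}` };
}

// Constructed sample of what the HAML template would inject.
const sampleDataset = { critical: '2', high: '3', other: '1', scannedAt: '2024-01-01T00:00:00Z', dependencies: '1' };
console.log(vulnerabilityMessage(sampleDataset, Date.parse('2024-01-01T02:30:00Z')));
console.log(dependencyMessage(sampleDataset).text, '|', dependencyMessage(sampleDataset).linkText);
```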

Implementation details

- Use POC for guidance !145758 (8bc70936)
- Inject metrics via HAML template

Backend needs

- Look at !145758 (8bc70936)
- We should inject the page counts via HAML (see !145758 (closed), follow-up to !161994 (comment 218025397919)). Need access to the ruby object. !145758 (comment 1802397919)
- Confirm HAML injection won't time out the page or become a performance issue. If there are performance limitations, let frontend know so we can discuss loading async.

Weight reasoning

- Need to write unit tests and test at project/group level; ensure the banner is not visible at the security center level

Verification steps

- Upload a GitLab Ultimate license
- Navigate to a project => Packages & Registries => Container Registry
- Ingest an SBOM report with `metadata.tools` as registry event, set as a part of [CS For Registry] Set SBOM occurrence source to... (#443634 - closed)
- Verify that db records are created as per the requirements.
- Run advisory scanner and report parser.
- Verify that the vulnerabilities are created with report_type: CONTAINER_SCANNING_FOR_REGISTRY
- Verify that the group and project GraphQL endpoints return these vulnerabilities when applying the filter for report_type: CONTAINER_SCANNING_FOR_REGISTRY.
- Verify the banner is showing
- Verify the banner shows the number of container registry scanning-specific vulnerabilities
- Verify the banner shows a link to the container registry vulnerability report tab
- Verify the banner shows the number of container registry scanning-specific dependencies
- Verify the banner shows a link to the container registry dependencies tab
Edited by Fernando Cardenas