Spike: POC for filtered search on the Vulnerability Report
Problem
TBD
Proposal
An example prototype has already been built and can be used for reference.
To set the research study up for success, we would like the spike POC to support the following filter tokens (identifier, operator, and allowed values):
Identifier | Operator | Value |
---|---|---|
Status | is / is one of / is not one of | Needs triage / Confirmed / Resolved / Dismissed |
Severity | is / is one of / is not one of | Critical / High / Medium / Low / Unknown / Info |
Tool | is / is one of / is not one of | API Fuzzing / Container Scanning / Coverage Fuzzing / DAST / Dependency Scanning / SAST / Secret Detection / Manually added |
Scanner | is / is one of / is not one of | List of scanners (eslint, gosec, Semgrep, Gemnasium, etc.) |
Activity* | is / is one of / is not one of | still detected / has issue / has an MR / has solution available / is false positive / has been auto-resolved / has been auto-dismissed |
Project | is / is one of / is not one of | List of projects |
CVE | is / is one of / is not one of | List of CVEs |
CWE | is / is one of / is not one of | List of CWEs |
Directory | is / is one of / is not one of | List of directories |
File | is / is one of / is not one of | List of files |
Pipeline | is / is one of / is not one of | List of pipelines |
Branch | is / is one of / is not one of | List of branches |
Container image | is / is one of / is not one of | List of container images |
Dismissal reason | is / is one of / is not one of | List of dismissal reasons |
- Activity*: includes all options from the planned Activity menu, even though not all of them are available yet.
Expected Outcomes
- The following default filter is applied: Status || Needs triage, Confirmed (that is, Status is one of Needs triage, Confirmed).
- Multi-select functionality is enabled.
- Users can add, remove, or edit any of the tokens.
- All dropdowns have a working search bar within them, except for the shorter, finite lists: Status, Severity, Tool, Activity and Dismissal reason.
- One version of the component exists as-is, where tokens are "hidden" to the left once enough are added. Another version should use multi-line, where the tokens wrap to new lines. If one of these wrapped tokens is clicked, the dropdown should ideally appear directly below that token, not below the component (which is how it works with single line). If this is more than trivial development effort, the dropdown can go below the component instead.
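As an added example (this is not the referenced prototype and not GitLab's own code), the following JavaScript models the token grammar from the table above and the default Status filter: a validator that rejects tokens outside the table (unknown identifier or operator, "is" with more than one value, a value not in a finite list), a helper that says which dropdowns need a search bar, and an evaluator that applies a token list to vulnerability records. The identifier keys (status, severity, tool, scanner, project, containerImage, dismissalReason, and so on), the record shape, and the sample records are assumptions made for this example. The semantics it encodes are design choices to confirm against the prototype: tokens on different identifiers are ANDed, values within one token are ORed, "is not one of" is the negation of "is one of", and Activity is treated as a set of flags because one finding can be both "still detected" and "has issue".

```javascript
// Added example: filter-token model for the Vulnerability Report spike.
// Not GitLab code; identifier keys, record shape and sample data are assumptions.

const OPERATORS = Object.freeze({
  IS: 'is',
  IS_ONE_OF: 'is one of',
  IS_NOT_ONE_OF: 'is not one of',
});

// Finite value lists taken from the table. Scanner, Project, CVE, CWE, Directory,
// File, Pipeline, Branch, Container image and Dismissal reason are open-ended
// lists on the page, so they are not constrained here.
const FINITE_VALUES = Object.freeze({
  status: ['Needs triage', 'Confirmed', 'Resolved', 'Dismissed'],
  severity: ['Critical', 'High', 'Medium', 'Low', 'Unknown', 'Info'],
  tool: ['API Fuzzing', 'Container Scanning', 'Coverage Fuzzing', 'DAST',
    'Dependency Scanning', 'SAST', 'Secret Detection', 'Manually added'],
  activity: ['still detected', 'has issue', 'has an MR', 'has solution available',
    'is false positive', 'has been auto-resolved', 'has been auto-dismissed'],
});

const OPEN_IDENTIFIERS = ['scanner', 'project', 'cve', 'cwe', 'directory', 'file',
  'pipeline', 'branch', 'containerImage', 'dismissalReason'];

const IDENTIFIERS = [...Object.keys(FINITE_VALUES), ...OPEN_IDENTIFIERS];

// Default filter from the spike: Status is one of Needs triage, Confirmed.
const DEFAULT_TOKENS = Object.freeze([
  { identifier: 'status', operator: OPERATORS.IS_ONE_OF, values: ['Needs triage', 'Confirmed'] },
]);

// Only the open-ended lists get a search bar; Status, Severity, Tool, Activity
// and Dismissal reason are short enough to do without one.
function needsSearchBar(identifier) {
  return !(identifier in FINITE_VALUES) && identifier !== 'dismissalReason';
}

// Returns null for a valid token, otherwise a message describing the problem.
function validateToken(token) {
  if (!IDENTIFIERS.includes(token.identifier)) return `unknown identifier: ${token.identifier}`;
  if (!Object.values(OPERATORS).includes(token.operator)) return `unknown operator: ${token.operator}`;
  if (!Array.isArray(token.values) || token.values.length === 0) return 'token has no values';
  if (token.operator === OPERATORS.IS && token.values.length !== 1) return '"is" takes exactly one value';
  const allowed = FINITE_VALUES[token.identifier];
  if (allowed) {
    const bad = token.values.find((v) => !allowed.includes(v));
    if (bad !== undefined) return `${bad} is not a valid ${token.identifier}`;
  }
  return null;
}

// A record field may be multi-valued (activity is a set of flags); normalise to an array.
function fieldValues(record, identifier) {
  const v = record[identifier];
  if (v === undefined || v === null) return [];
  return Array.isArray(v) ? v : [v];
}

// "is" and "is one of" match when any token value is present on the record;
// "is not one of" is the negation.
function matches(record, token) {
  const actual = fieldValues(record, token.identifier);
  const hit = token.values.some((v) => actual.includes(v));
  return token.operator === OPERATORS.IS_NOT_ONE_OF ? !hit : hit;
}

// Tokens are ANDed together. Invalid tokens are rejected up front so a typo in a
// value never silently widens or empties the result set.
function applyFilters(records, tokens = DEFAULT_TOKENS) {
  const errors = tokens.map(validateToken).filter(Boolean);
  if (errors.length) throw new Error(errors.join('; '));
  return records.filter((r) => tokens.every((t) => matches(r, t)));
}

// Constructed sample records for the example; not real findings.
const SAMPLE_VULNERABILITIES = [
  { id: 1, status: 'Needs triage', severity: 'High', tool: 'SAST', scanner: 'Semgrep',
    project: 'web', file: 'app/login.rb', cwe: 'CWE-89', activity: ['still detected', 'has issue'] },
  { id: 2, status: 'Confirmed', severity: 'Critical', tool: 'Dependency Scanning', scanner: 'Gemnasium',
    project: 'web', activity: ['has solution available', 'has an MR'] },
  { id: 3, status: 'Resolved', severity: 'Medium', tool: 'SAST', scanner: 'gosec',
    project: 'api', file: 'pkg/handler.go', activity: ['has been auto-resolved'] },
  { id: 4, status: 'Dismissed', severity: 'Low', tool: 'Secret Detection',
    project: 'api', dismissalReason: 'False positive', activity: ['is false positive'] },
  { id: 5, status: 'Needs triage', severity: 'Unknown', tool: 'DAST',
    project: 'web', activity: ['still detected'] },
];

const ids = (records) => records.map((r) => r.id);

// Default filter alone keeps the open findings: ids 1, 2 and 5.
console.log(ids(applyFilters(SAMPLE_VULNERABILITIES)));
// Adding a Severity token narrows to 1 and 2.
console.log(ids(applyFilters(SAMPLE_VULNERABILITIES, [
  ...DEFAULT_TOKENS,
  { identifier: 'severity', operator: OPERATORS.IS_ONE_OF, values: ['Critical', 'High'] },
])));
```

The validator is what makes the "is" versus "is one of" distinction meaningful in the UI model: a single-select token that somehow carries two values is a bug in the token editor, not something the evaluator should paper over by treating it as "is one of".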
Edited by Becka Lippert