Include code preview in vulnerability location
Context
When triaging vulnerabilities from the Vulnerability Report page, we often have to deal with a lot of tabs:
1. one to keep the vulnerability report loaded (reloading the page can take up to several seconds)
2. one to get details about a vulnerability (the one being triaged)
3. one to see the impacted code
```mermaid
graph LR
VR[Vulnerability Report] -->|Select one vulnerability| VP(Open Vulnerability page)
VP --> LOC(Open Location)
LOC --> UPT(Change Vulnerability status)
UPT -->|Close tab| LOC
LOC -->|Close tab| VP
VP -->|Select next| VR
```
Once a vulnerability is triaged, tabs 2 and 3 are closed, and two new ones are usually opened for the next vulnerability in the report.
Proposal
It would save us time and resources to avoid step 3 altogether if possible. This applies especially when triaging secrets, where we just need to "see" the secret to figure out whether it's a real one or not. Having a preview of the code would be very useful: in other words, a partial view of the vulnerability location, like we do for diffs in Merge Requests.
Example (with just one line of course instead of the two for the diff):
Moon shot
We could save another tab (2, the vulnerability page) if, by hovering over the location, we could see the portion of code affected. Again, this would be particularly useful for secrets in the Vulnerability Reports.