Update the UI of the project tool dropdown with scanner name
| Current | Proposal |
|---|---|
| (screenshot of the current dropdown; image not preserved) | (screenshot of the proposed dropdown; image not preserved) |
## Walkthrough

### 1. User Action

The user selects:
### 2. Query String

The query string is updated to reflect these 2 selections:

```
?scanner=GitLab.SAST,SamScan.SAST
```

The query string's purpose is to preserve the selected dropdown state (whether the page is opened from a shared link or refreshed). This allows the dropdown to be pre-selected accordingly and the vulnerability list that matches the chosen selection to be loaded.
### 3. Request

The FE will then find the `id`s belonging to the selections:

- all scanners with `reportType: SAST` and `vendor: GitLab`
- all scanners with `reportType: SAST` and `vendor: SamScan`

```js
scannerId: [
  "gid://gitlab/Vulnerabilities::Scanner/545", // GitLab, ESLint
  "gid://gitlab/Vulnerabilities::Scanner/546", // GitLab, Find Security Bugs
  "gid://gitlab/Vulnerabilities::Scanner/558"  // SamScan, A Custom Scanner
]
```

The information is sent to the `projectVulnerabilities` GraphQL query, which returns our vulnerability report.
## Implementation Plan

### Update Dropdown

Keeping the current architecture (returning to Option 2), the additional data can be made available like this:

```diff
 # ee/app/services/vulnerability_scanners/list_service.rb
 module VulnerabilityScanners
   # ... (unchanged lines elided)
   {
     id: scanner.id,
     vendor: scanner.vendor,
+    report_type: ::Enums::Vulnerability.report_types.key(scanner.report_type).upcase,
+    name: scanner.name,
+    external_id: scanner.external_id
```
With this additional information, we can populate the dropdown like this (`report_type` as the group header, `name - vendor` as each entry):

```
SAST
  ESLint - GitLab
  Find Security Bugs - GitLab
  A Custom Scanner - SamScan
```
### Request

We will continue using the same `projectVulnerabilities` GraphQL query and the `scannerId` variable.
### Query String

This will be the tricky part. We need to maintain backward compatibility (so existing bookmarks still work), so these query strings need to be supported:

```
?scanner=GitLab.SAST,SamScan.SAST,reportType=SAST
```

With the addition of the vulnerability scanner name (i.e. ESLint), we need to figure out how to proceed with this. Exact solution TBD, but some ideas:

- Introduce a new query key, e.g. `scannerName`
- Append to the existing query key, e.g. `GitLab.SAST.find_sec_bugs`
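As an added example (not GitLab's code) of how the FE side of steps 2 and 3 above could resolve a `scanner` query-string value to `scannerId` GIDs while accepting both the legacy `Vendor.REPORT_TYPE` form and the proposed appended `Vendor.REPORT_TYPE.external_id` form. The scanner list is constructed sample data in the shape the proposed `list_service.rb` change would return; `parseScannerParam`, `scannerIdsFromQuery` and `scannerQueryFromIds` are hypothetical helper names, and every `external_id` other than `find_sec_bugs`, plus the scanner `600` entry, is made up for the example.

```javascript
// Added example, not GitLab's code: resolves the `scanner` query-string value
// to the scannerId GIDs passed to the projectVulnerabilities GraphQL query.
//
// SCANNERS is constructed sample data in the shape the proposed list_service.rb
// change returns (id, vendor, report_type, name, external_id). Ids 545/546/558
// and their name/vendor pairs come from the proposal; the other external ids
// and the 600 entry are invented here.
const SCANNERS = [
  { id: 'gid://gitlab/Vulnerabilities::Scanner/545', vendor: 'GitLab', reportType: 'SAST', name: 'ESLint', externalId: 'eslint' },
  { id: 'gid://gitlab/Vulnerabilities::Scanner/546', vendor: 'GitLab', reportType: 'SAST', name: 'Find Security Bugs', externalId: 'find_sec_bugs' },
  { id: 'gid://gitlab/Vulnerabilities::Scanner/558', vendor: 'SamScan', reportType: 'SAST', name: 'A Custom Scanner', externalId: 'custom_scanner' },
  { id: 'gid://gitlab/Vulnerabilities::Scanner/600', vendor: 'GitLab', reportType: 'DEPENDENCY_SCANNING', name: 'Gemnasium', externalId: 'gemnasium' },
];

// Parses one comma-separated `scanner` value. Each token is either the legacy
// `Vendor.REPORT_TYPE` form or the proposed `Vendor.REPORT_TYPE.external_id`
// form. Malformed tokens (empty, too few parts) are dropped rather than thrown,
// so a stale or hand-edited bookmark degrades to "no filter" instead of an error.
function parseScannerParam(value) {
  if (typeof value !== 'string' || value === '') return [];
  return value
    .split(',')
    .map((token) => token.trim())
    .filter(Boolean)
    .map((token) => {
      const [vendor, reportType, ...rest] = token.split('.');
      if (!vendor || !reportType) return null;
      // The appended form adds the external_id after a third '.'; rejoin any
      // further parts in case an external_id itself contains a dot.
      const externalId = rest.length ? rest.join('.') : null;
      return { vendor, reportType: reportType.toUpperCase(), externalId };
    })
    .filter(Boolean);
}

// Matches one scanner record against one parsed selection. Vendor is compared
// case-insensitively because the proposal itself spells it both "GitLab" and
// "Gitlab"; report_type is already upcased on both sides.
function matches(scanner, sel) {
  if (scanner.vendor.toLowerCase() !== sel.vendor.toLowerCase()) return false;
  if (scanner.reportType !== sel.reportType) return false;
  if (sel.externalId !== null && scanner.externalId !== sel.externalId) return false;
  return true;
}

// Returns the de-duplicated GIDs, in scanner-list order, for the `scannerId`
// variable of projectVulnerabilities.
function scannerIdsFromQuery(value, scanners = SCANNERS) {
  const selections = parseScannerParam(value);
  return scanners
    .filter((scanner) => selections.some((sel) => matches(scanner, sel)))
    .map((scanner) => scanner.id);
}

// Inverse direction: builds the query-string value for a set of selected GIDs
// in the proposed appended form, so a shared link re-selects exactly those
// scanners rather than every scanner of the same vendor/report type.
function scannerQueryFromIds(ids, scanners = SCANNERS) {
  const chosen = new Set(ids);
  return scanners
    .filter((s) => chosen.has(s.id))
    .map((s) => `${s.vendor}.${s.reportType}.${s.externalId}`)
    .join(',');
}

console.log(scannerIdsFromQuery('GitLab.SAST,SamScan.SAST'));   // 545, 546, 558
console.log(scannerIdsFromQuery('GitLab.SAST.find_sec_bugs')); // 546 only
```

Because the legacy token selects every scanner of that vendor and report type, while the appended token narrows to a single `external_id`, both forms resolve through the same matcher and old bookmarks keep working. Unknown or malformed tokens simply contribute nothing to the selection, which is the safer behaviour for a URL-controlled filter than raising in the page.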