Add support for sorting (two levels) based on the existing dependency list service
Why are we doing this work
As discussed here, the following is an overview of the plan for adding vulnerabilities into both project and group levels:
- Add vulnerabilities into sbom_occurrences.
- Update sbom_occurrences ingestion in order to fill vulnerabilities.
- Add vulnerabilities as part of graphql dependency_type.
- Update dependency entity to support vulnerabilities for group level controller.
- Update dependencies_table.vue to include vulnerabilities for group level.
- Add support for sorting (two levels) based on the existing dependency list service.
- Add support for filtering based on the existing dependency list service.
Note: A new FF is recommended for the set of changes proposed above.
Link to the PoC MR to keep this comment self-contained.
Relevant links
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan
- backend Create a new scope in occurrence.rb to order by vulnerabilities. Sort only the first two levels, as dependency_list_service.rb currently does.
- backend Update dependencies_finder.rb to use the new scope to order by vulnerabilities.
- backend Update dependency_sort_enum.rb to include SEVERITY_ASC and SEVERITY_DESC.
Verification steps
Edited by Zamir Martins